Open wwwab123 opened 2 months ago
Can you provide this LNK file?
Yes.
You can download samples here: https://github.com/StrikeReady-Inc/research/tree/main/2024-08-07%20BITTER%20opendir, Password: "infected" (without quotes), Location: ./kimfilippovision.com/documents/temp1134/Document Ref.40007609072024.pdf.lnk
They are malicious files. Please be careful and keep safe.
Best regards, wwwab
LECmd version 1.5.0.0
Author: Eric Zimmerman (saericzimmerman@gmail.com) https://github.com/EricZimmerman/LECmd
Command line: -f C:\Users\Administrator\Desktop\samples\documents\temp1134\Document Ref.40007609072024.pdf.lnk
Processing C:\Users\Administrator\Desktop\samples\documents\temp1134\Document Ref.40007609072024.pdf.lnk

Source file: C:\Users\Administrator\Desktop\samples\documents\temp1134\Document Ref.40007609072024.pdf.lnk
  Source created: 2024-08-18 03:39:01
  Source modified: 2024-07-09 12:07:12
  Source accessed: 2024-08-18 03:39:01

--- Header ---
  Target created: 2024-06-26 05:21:48
  Target modified: 2024-06-26 05:21:48
  Target accessed: 2024-07-09 12:07:11

  File size (bytes): 867,840
  Flags: HasTargetIdList, HasLinkInfo, HasArguments, HasIconLocation, IsUnicode, HasExpIcon
  File attributes: FileAttributeArchive
  Icon index: 13
Error opening C:\Users\Administrator\Desktop\samples\documents\temp1134\Document Ref.40007609072024.pdf.lnk. Message: 未将对象引用设置到对象的实例。

System.NullReferenceException: 未将对象引用设置到对象的实例。
   在 LECmd.Program.GetDescriptionFromEnumValue(Enum value)
   在 LECmd.Program.ProcessFile(String lnkFile, Boolean quiet, Boolean removableOnly, String datetimeFormat, Boolean nid, Boolean neb, Int32 codepage)