Error

[wwwab123]

LECmd version 1.5.0.0

Author: Eric Zimmerman ([email protected]) https://github.com/EricZimmerman/LECmd

Command line: -f C:\Users\Administrator\Desktop\samples\documents\temp1134\Docum ent Ref.40007609072024.pdf.lnk

Processing C:\Users\Administrator\Desktop\samples\documents\temp1134\Document Re f.40007609072024.pdf.lnk

Source file: C:\Users\Administrator\Desktop\samples\documents\temp1134\Document Ref.40007609072024.pdf.lnk Source created: 2024-08-18 03:39:01 Source modified: 2024-07-09 12:07:12 Source accessed: 2024-08-18 03:39:01

--- Header --- Target created: 2024-06-26 05:21:48 Target modified: 2024-06-26 05:21:48 Target accessed: 2024-07-09 12:07:11

File size (bytes): 867,840 Flags: HasTargetIdList, HasLinkInfo, HasArguments, HasIconLocation, IsUnicode, HasExpIcon File attributes: FileAttributeArchive Icon index: 13 Error opening C:\Users\Administrator\Desktop\samples\documents\temp1134\Document Ref.40007609072024.pdf.lnk. Message: 未将对象引用设置到对象的实例。 System.NullReferenceException: 未将对象引用设置到对象的实例。 在 LECmd.Program.GetDescriptionFromEnumValue(Enum value) 在 LECmd.Program.ProcessFile(String lnkFile, Boolean quiet, Boolean removable Only, String datetimeFormat, Boolean nid, Boolean neb, Int32 codepage)

[AndrewRathbun]

Can you provide this LNK file?

[wwwab123]

Can you provide this LNK file?

Yes.

You can download samples here: https://github.com/StrikeReady-Inc/research/tree/main/2024-08-07%20BITTER%20opendir, Password: "infected" (without quotes), Location: ./kimfilippovision.com/documents/temp1134/Document Ref.40007609072024.pdf.lnk

They are malicious file. Please be careful and keep safe.

Best regards, wwwab