So my girlfriend learned about torrents from some idiots at work and thought it would be nice to download a movie for us. It turns out the file was a 1-ish GB shortcut (.lnk) that was disguised as a movie. Upon extracting and trying to launch the movie it ended up launching powershell instead. She said a few windows popped up for a split second, then nothing.

My issue here is that neither Defender nor Malwarebytes picked anything up. Before I turned off the machine, I made a copy of the .lnk file to try and scan it on a more secure platform (non-persistent, offline sandbox).

Here is the Target:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -eXEc ByP "c:\Program Files\Windows Media Player\wmplayer.exe" -run

So clearly it tried to run powershell and change the ExecutionPolicy to ByPass (it showed as Restricted after I looked at it, but it's possible it was changed back afterwards), but what follows is an incorrectly terminated comment. Copying and pasting the target itself into a command prompt does not exhibit the same behavior as before. I kind of assumed it was supposed to run something *after* looking like it was launching WMP, but it just cuts off.
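Added example, not part of the post above: a way to pull the target, arguments and icon out of a .lnk on the offline sandbox without double-clicking it, by parsing the Shell Link (MS-SHLLINK) structure directly. The script builds its own sample shortcut in memory (a constructed file whose target and arguments are modelled on the Target quoted above; the icon path is an assumption, not something the post states), parses it, and flags the powershell / execution-policy-bypass pattern. It reads only the structured prefix of the file, so the size of the lure is irrelevant to it.

```python
"""Static inspection of a Windows .lnk (MS-SHLLINK) file without launching it."""
import re
import struct

# Shell Link header constants (MS-SHLLINK 2.1). CLSID 00021401-0000-0000-C000-000000000046.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80


def _string_data(s):
    """StringData field: CountCharacters (uint16) followed by UTF-16LE text, no terminator."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(target, args, icon=None):
    """Construct a minimal shortcut: header + LinkInfo(LocalBasePath) + StringData + TerminalBlock.
    Used only to produce a sample file for the parser; the values are invented."""
    flags = HAS_LINK_INFO | HAS_ARGUMENTS | IS_UNICODE | (HAS_ICON_LOCATION if icon else 0)
    header = struct.pack("<I16sIIqqqIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # ShowCommand=1 (SW_SHOWNORMAL)
    # VolumeID: size 0x11, DRIVE_FIXED, serial 0, label offset 0x10, empty label.
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"
    local_path = target.encode("latin-1") + b"\x00"
    hdr = 0x1C
    vol_off, base_off = hdr, hdr + len(volume_id)
    body = volume_id + local_path + b"\x00"           # trailing byte: empty CommonPathSuffix
    link_info = struct.pack("<IIIIIII", hdr + len(body), hdr, 0x1,   # flag 0x1 = VolumeIDAndLocalBasePath
                            vol_off, base_off, 0, base_off + len(local_path)) + body
    strings = _string_data(args) + (_string_data(icon) if icon else b"")
    return header + link_info + strings + struct.pack("<I", 0)  # TerminalBlock


def parse_lnk(data):
    """Return target path and StringData fields of a .lnk; raises ValueError if not a Shell Link."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:                     # skip IDList (IDListSize + items)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINK_INFO:
        info_size, _hdr, info_flags, _vol_off, base_off = struct.unpack_from("<IIIII", data, pos)
        if info_flags & 0x1:                                # LocalBasePath present (NUL-terminated, ANSI)
            end = data.index(b"\x00", pos + base_off)
            target = data[pos + base_off:end].decode("latin-1")
        pos += info_size
    out = {"target": target}
    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        out[key] = None
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            out[key] = raw.decode("utf-16-le" if width == 2 else "latin-1")
            pos += count * width
    return out


# Heuristics over the reconstructed command line. PowerShell accepts abbreviated switches,
# which is why the patterns match prefixes rather than full parameter names.
INDICATORS = [
    (re.compile(r"powershell(\.exe)?", re.I), "invokes powershell"),
    (re.compile(r"(?:^|\s)[-/]e\w*\s+(?:by|unr)", re.I), "execution policy bypass/unrestricted"),
    (re.compile(r"(?:^|\s)[-/]w\w*\s+h", re.I), "hidden window"),
    (re.compile(r"(?:^|\s)[-/]e(?:nc|c)\w*\s+[A-Za-z0-9+/=]{20,}", re.I), "encoded command"),
    (re.compile(r"(?:^|\s)[-/]no?p\w*", re.I), "no profile"),
]


def assess(lnk):
    """List the indicator labels that fire on target + arguments."""
    cmdline = " ".join(filter(None, (lnk["target"], lnk["arguments"])))
    return [label for rx, label in INDICATORS if rx.search(cmdline)]


def build_sample():
    """Constructed lure modelled on the Target quoted in the post; icon path is an assumption."""
    return build_lnk(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                     r'-eXEc ByP "c:\Program Files\Windows Media Player\wmplayer.exe" -run',
                     icon=r"C:\Program Files\Windows Media Player\wmplayer.exe")


if __name__ == "__main__":
    # To inspect a real file instead: parse_lnk(open("suspect.lnk", "rb").read())
    info = parse_lnk(build_sample())
    for k, v in info.items():
        print(f"{k:14}: {v}")
    print("indicators   :", assess(info))
```

Against a real sample, run it only on the copied file, not the original on the infected machine, and treat a target of powershell.exe paired with an icon pointing at a media player as the disguise itself, independent of whatever the arguments go on to do.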