I did not think that I could complete this challenge since I've never done Malware analysis but I thought that I would give it a try since it's was just a shortcut file (ಠ_ಠ)

```
**First I did the obvious things, like file and strings to see what kind of information I can find. Not much**.
```


```
**Second, I thought about getting the md5 hash of the shortcut file and using VirusTotal to see if it finds anything, which it did.**
```


```
**I knew that I was on the right path since the date on VirusTotal was very very recent for this file. I immediately went to the 'Community' tab and found a link for Joe Sandbox Analysis**.
```


```
**Opening the Link I noticed the 'Found URL in windows shortcut file (LNK)' under 'Signatures' section. This caught my eye and I started to look for links in the report**.
```

```
**Under 'Static Windows Shortcut Info' section I was able to find a tinyurl link (tinyurl.com/a7ba6ma),**
```

```
**which redirected me to a Google Drive page that had a usb.txt file, and what looked like a Base64 encoded data**.
```
```

**Copying the data and trying to decode it in Cyberchef did not work. The data looked too scrambled and did not make sense. I tried Base85, Base62, Base58, Base45, and finally with Base32 I was able to correctly decode the data. At first I did not know if it was an .EXE file or a .DLL because I read a few articles and got confused.. so we will call it an EXE/DLL file**.
```

```

**Under the 'Output' section for Cyberchef I noticed the mentioning of MessageBox, so I thought that maybe when I execute the file a MessageBox would appear. Also I noticed that there was a xml code at the bottom, but did not understand why it was there, maybe it's default by default for all .exe :?**
```

```
**I then saved the output to a file and tried to use the command strings to see if I can catch an easy flag :P, but it was not that easy.**
```


```
**Opening the file in ghidra did not reveal too much. Just bunch of code that I do not understand**
```


```
**Moving over to Windows, I tried to run the .exe file but was presented with "This app can't run on your PC", the end**.
```


```
**I tried a few different things like using different disassemblers but nothing was catching my eyes. I then thought about changing the extension to .dll and then using rundll32 to run it, it did nothing..**
```
```
**Running it again with rundll32 but with a parameter shows a MessageBox with the flag (╯°□°）╯︵ ┻━┻, Don't know how, Don't know why ¯\_(ツ)_/¯**
```