Difference between revisions of "StartmenuItem"
Line 13: | Line 13: | ||
You might want to use File instead, using the <$STARTMENU> or <$COMMONSTARTMENU> path templates, combined with the path template <$DESKTOP> and the advanced file parameter target[link], unless you depend on the link to find the actual file (in case it uses totally random names in totally random folders, for example). | You might want to use File instead, using the <$STARTMENU> or <$COMMONSTARTMENU> path templates, combined with the path template <$DESKTOP> and the advanced file parameter target[link], unless you depend on the link to find the actual file (in case it uses totally random names in totally random folders, for example). | ||
+ | |||
+ | ===Scan Results=== | ||
+ | * The link file. | ||
==See also== | ==See also== | ||
Line 28: | Line 31: | ||
[[Category:SBI Commands]] | [[Category:SBI Commands]] | ||
− | |||
[[Category:SBI Commands supporting AlgoPrefix]] | [[Category:SBI Commands supporting AlgoPrefix]] |
Revision as of 10:29, 18 February 2008
Searches the start menu items for one linking to the given filename.
Usage
StartmenuItem:[link name],[file name],<advanced file parameters>
Examples
StartmenuItem:"Our malware online.lnk","<$PROGRAMFILES>\OurMalware\Malware Online.url"
Description
- The name of the link file to detect, no path involved, Algo-Prefixes allowed. AP
- The name of the file the link needs to point to, Algo-Prefixes and path templates allowed. AP PT
- You should specify advanced file parameters as the third parameter to limit the detection by real file properties, since file names only can be quite ambiguous.
You might want to use File instead, using the <$STARTMENU> or <$COMMONSTARTMENU> path templates, combined with the path template <$DESKTOP> and the advanced file parameter target[link], unless you depend on the link to find the actual file (in case it uses totally random names in totally random folders, for example).
Scan Results
- The link file.