Figure 01 – LNK Top Level File Structure
Microsoft Windows uses .lnk as the filename extension for shortcuts to local files, and .URL for shortcuts to remote files, like web pages.
Thanks to Jesse Hager for creating the specification document. Please refer to http://www.wotsit.org/list.asp?al=L and search for ‘LNK’ to download a good reference.
As observed, LNK trojan downloaders take advantage of the command line string to perform malicious activity.
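For triage, the command line string can be read straight out of a shortcut without opening it in Explorer. The following is an added example, not code from the original page or the specification author: it follows the publicly documented Shell Link layout (76-byte header, flags field, optional ID list and link info, then length-prefixed strings), and the function names and the sample bytes are constructed for illustration.

```python
import struct

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData entries follow in this fixed order, each present only if its flag is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a shell link; 'arguments' is the command line."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad header size")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad class ID")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = 76
    try:
        if flags & HAS_ID_LIST:      # 2-byte size, then that many bytes of item IDs
            off += 2 + struct.unpack_from("<H", data, off)[0]
        if flags & HAS_LINK_INFO:    # 4-byte size that counts itself
            size = struct.unpack_from("<I", data, off)[0]
            if size < 4:
                raise ValueError("malformed LinkInfo size")
            off += size
        # Assumption: non-Unicode strings are decoded as cp1252 (really the system code page).
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for bit, label in STRING_FIELDS:
            if flags & bit:
                count = struct.unpack_from("<H", data, off)[0]  # length in characters
                end = off + 2 + count * width
                if end > len(data):
                    raise ValueError("string runs past end of file")
                fields[label] = data[off + 2:end].decode(codec, errors="replace")
                off = end
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return fields


def build_sample() -> bytes:
    """Constructed minimal link (not a real sample): header, empty ID list, two strings."""
    flags = HAS_ID_LIST | 0x08 | 0x20 | IS_UNICODE
    blob = struct.pack("<I16sII", 0x4C, LINK_CLSID, flags, 0) + bytes(48)
    blob += struct.pack("<H", 2) + b"\x00\x00"           # ID list holding only the terminator
    for text in (".\\cmd.exe", "/c echo constructed-sample"):
        blob += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return blob
```

Run over a mail or download quarantine, the `arguments` value is the field to review or alert on, since Explorer's shortcut properties dialog shows only part of a long command line.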
The 0day on malformed Windows Shell Link (.LNK) binaries is referred to as CVE-2010-2568 and Microsoft Security Advisory (2286198).
LNK binary file format reference: