Environment: Huntress Managed Endpoint Detection and Response (EDR)
Summary: What are Malware artifacts?
Malware artifacts are items left over from a malware infection. Automated remediation tools such as antivirus software will remove the malicious file itself, but often leave behind the mechanism that was used to start it.**
Common artifacts Huntress identifies include:
- LNK (shortcut) files: the LNK file points to a target file that no longer exists
- Registry values (especially values within the user registry hive, NTUSER.dat): the value still references a file that is no longer present
- Service entries: the service is still registered with the Service Control Manager, but the service executable is not present
- Directories: a registry value or LNK file may have pointed to a file that is no longer present, but the directory that contained it remains
**Some malware deletes itself after running and can leave the same kinds of artifacts behind.
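The following PowerShell script is an added example (not Huntress code, and not how the Huntress agent itself performs this check) that enumerates the three "launch mechanism without a file" patterns listed above on a local Windows host: registered services whose binary is missing, Run/RunOnce registry values whose target is missing, and .lnk shortcuts in the Startup folders whose target is missing. For each hit it also records whether the target's parent directory still exists, which is the "directory remains" artifact. The registry and folder locations are a small, assumed subset of autostart locations chosen for illustration, and `Resolve-ImagePath` is a helper written here to pull a file path out of a service or Run-value command line.

```powershell
# Added example: find orphaned persistence entries (artifacts) on the local host.
# Run from 64-bit PowerShell as an administrator so the Machine hive and
# System32 are read without 32-bit redirection. HKCU covers only the current
# user; other users' NTUSER.dat hives would need to be loaded separately.

function Resolve-ImagePath {
    # Extract the executable path from a command line such as
    #   "C:\Program Files\Foo\foo.exe" -svc   or   %SystemRoot%\system32\bar.exe /x
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    $s = $s -replace '^\\\?\?\\', ''                       # strip NT "\??\" prefix
    if ($s -match '^\\SystemRoot\\') { $s = $env:SystemRoot + $s.Substring(11) }
    if ($s.StartsWith('"')) {                              # quoted path
        $end = $s.IndexOf('"', 1)
        if ($end -gt 0) { $s = $s.Substring(1, $end - 1) }
    }
    elseif ($s -match '^(?<p>.+?\.(exe|dll|sys|cmd|bat|ps1|vbs|js))(\s|$)') {
        $s = $Matches.p                                    # unquoted path up to extension
    }
    else { $s = ($s -split '\s+')[0] }                     # fallback: first token
    if (-not [IO.Path]::IsPathRooted($s)) {                # service paths may be relative
        $s = Join-Path $env:SystemRoot $s
    }
    return $s
}

function New-ArtifactRecord {
    param([string]$Type, [string]$Name, [string]$Target)
    [pscustomobject]@{
        Type            = $Type
        Name            = $Name
        MissingTarget   = $Target
        DirectoryRemains = Test-Path -LiteralPath (Split-Path -Parent $Target)
    }
}

function Get-OrphanedServices {
    # Service still registered with the SCM, but its binary is gone.
    Get-CimInstance Win32_Service | ForEach-Object {
        $p = Resolve-ImagePath $_.PathName
        if ($p -and -not (Test-Path -LiteralPath $p)) {
            New-ArtifactRecord -Type 'Service' -Name $_.Name -Target $p
        }
    }
}

function Get-OrphanedRunValues {
    # Run/RunOnce values (assumed subset of autostart keys) whose target is gone.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item $k
        foreach ($valueName in $item.GetValueNames()) {
            $p = Resolve-ImagePath ([string]$item.GetValue($valueName))
            if ($p -and -not (Test-Path -LiteralPath $p)) {
                New-ArtifactRecord -Type 'Registry' -Name "$k\$valueName" -Target $p
            }
        }
    }
}

function Get-OrphanedStartupShortcuts {
    # .lnk files in the Startup folders whose TargetPath no longer exists.
    $shell = New-Object -ComObject WScript.Shell
    $dirs = @(
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
    )
    Get-ChildItem -Path $dirs -Filter *.lnk -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -and -not (Test-Path -LiteralPath $target)) {
            New-ArtifactRecord -Type 'LNK' -Name $_.FullName -Target $target
        }
    }
}

# Collect everything and show it; an empty result means no orphaned entries found.
$artifacts = @(Get-OrphanedServices) + @(Get-OrphanedRunValues) + @(Get-OrphanedStartupShortcuts)
$artifacts | Format-Table -AutoSize
```

A hit here is a lead, not a verdict: legitimate software that was uninstalled badly produces the same orphaned services and Run values, so the record's name, path and the surrounding timeline decide whether it is a malware remnant. Entries whose target is missing are safe to remove only after that confirmation, and the script deliberately only reports rather than deletes.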