Malicious RTF — malware analysis report

Static analysis result for SHA-256 0131419a71e952b2…

MALICIOUS

RTF

101.1 KB
MD5: b30b0ea903c227ff02840d889773de2c
SHA-1: 4d654d64ab71083ccfcd9cff1af78c1161d497d3
SHA-256: 0131419a71e952b2606de8dcf9646ab5be6c4f8dd5519cd7216b0686746b8e2d
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is an RTF document that triggers a critical heuristic for CVE-2010-3333, a known stack overflow vulnerability. This indicates the file is designed to exploit this vulnerability upon opening, likely to achieve arbitrary code execution.

Heuristics (2)

  • CVE-2010-3333 — pFragments RTF stack overflow (critical, CVE, exact, CVE_2010_3333)
    RTF shape property pFragments has an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003.
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: BC.Legacy.Exploit.CVE_2010_3333-5