Win.Trojan.BAR-1 — RTF malware analysis

Static analysis result for SHA-256 0781814976bd493a…

MALICIOUS

RTF

Size: 9.8 KB
Authoring application: Msftedit 5.41.21.2510
MD5: 77b5010f7c2efb4d7c2754da58fcd773
SHA-1: c81d2cb154b43523634d487c239ce95f757a9d85
SHA-256: 0781814976bd493aab939e32536337eee8177b967ac79ad69ce5e110b2263d57
Risk Score: 140

Malware Insights

Win.Trojan.BAR-1 · confidence 95%

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution

The RTF file contains an embedded OLE object, identified as a package object. ClamAV detection indicates this is Win.Trojan.BAR-1. The presence of OLE objects suggests an attempt to exploit vulnerabilities or deliver a secondary payload when the document is opened, likely via spearphishing.

Heuristics (4)

  • ClamAV: Win.Trojan.BAR-1 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.BAR-1
  • Package object class (severity: high, rule: RTF_OBJCLASS_PACKAGE)
    OLE Package object: can wrap arbitrary files
  • OLE object data (severity: medium, rule: RTF_OBJDATA)
    RTF contains 1 \objdata section(s): embedded OLE objects
  • Embedded OLE object (severity: medium, rule: RTF_OBJEMB)
    RTF contains \objemb: embedded OLE object

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: objdata_00_off000000ee.bin
SHA-256:  75c73ef1c8df2c96b14004e0f74a8259359941ab7af1e8feccb3118c8e164945
Kind:     rtf-objdata-decoded
Source:   RTF \objdata at offset 0xEE
Size:     1008 bytes