RTF malware analysis — malicious · 18b267a739ca5cc4

MALICIOUS

RTF

40.0 KB Created: 2017-05-11 14:42:00 First seen: 2026-06-07

MD5: a2e9772752850311a57560a47419a240 SHA-1: 48ddda8cdd7cace8caabb6b4159a2b43741b5970 SHA-256: 18b267a739ca5cc4b833258fc9d495292a5a2f087c8b8c5859bc406ee9d8bc3e

62 Risk Score

Heuristics 3

Security software disable instruction high SE_SECURITY_BYPASS

Document instructs the user to disable antivirus or security software — unusual for ordinary documents and high-risk in an unsolicited file
Callback phishing phone lure medium SE_CALLBACK_LURE

Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.microsoft.com/office/word/2003/wordml In RTF body

Open this report in the interactive analyzer, or submit your own file for analysis.