Malicious RTF — malware analysis report

Static analysis result for SHA-256 1b699eecb27aefb9…

MALICIOUS

RTF

Size: 101.3 KB
First seen: 2015-09-18
MD5: 2aeccb6e6b29fc8419831e19aac18770
SHA-1: ee72ae96d5d01b1decb0c8e0bf70e2fbba24db88
SHA-256: 1b699eecb27aefb982fafcbadad7d98db4f1c91ceeafb201ef3a5929ff9e0735
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

A critical heuristic for CVE-2010-3333, a stack overflow in Microsoft Word's RTF parser, fired on this file. The exploit is designed to achieve arbitrary code execution on the victim's system. The document body gives no indication of a specific lure; the exploit itself is the primary attack vector.

Heuristics (2)

  • CVE-2010-3333 — pFragments RTF stack overflow [critical] [CVE exact] [CVE_2010_3333]
    The RTF shape property pFragments has an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003.
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware with signature BC.Legacy.Exploit.CVE_2010_3333-5.