MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
The RTF document contains OLE object data and triggers a critical ClamAV detection for Win.Trojan.Elpapok-1. Static analysis identified the CVE-2012-0158 vulnerability in MSCOMCTL.ListView, indicating a likely exploitation for client execution. The embedded OLE object data is the primary indicator of this exploit.
Heuristics 3
-
MSCOMCTL.ListView — CVE-2012-0158 high CVE_2012_0158RTF \objdata decodes to OLE data containing the MSCOMCTL.ListView — CVE-2012-0158 CLSID — the vulnerable control/moniker is embedded directly in the document's object stream, the delivery shape of this exploit. RTF objects auto-render when Word opens the file.
-
ClamAV: Win.Trojan.Elpapok-1 critical CLAMAV_DETECTIONClamAV detected this file as malware: Win.Trojan.Elpapok-1
-
OLE object data medium RTF_OBJDATARTF contains 1 \objdata section(s) — embedded OLE objects
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
objdata_00_off0000005f.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x5F | 4614 bytes |
SHA-256: 9d058bf2c99516cfc4becb88322d72d1af5182404806ea004ce5128eacf11217 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.