Malicious RTF / .DOC — malware analysis report

Static analysis result for SHA-256 1fbeeb87f0b7f7c7…

MALICIOUS

RTF / .DOC

23.0 KB
MD5:     7d544e5cf36fe2ee297bdf75986fa166
SHA-1:   d051a20e1898bf0004c29604addf3698c9f71117
SHA-256: 1fbeeb87f0b7f7c71cf3f3422092dd4e9cba2b695336e6327daed1fa422bdf99

Risk Score: 100

Heuristics (3)

  • Automatically linked OLE object [high] RTF_OBJAUTLINK
    RTF contains \objautlink — an automatically linked OLE object, a surface that can be updated or activated when Word opens the document.
  • \objupdate forces OLE activation [high] RTF_OBJUPDATE
    RTF contains \objupdate — forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
  • OLE object data [medium] RTF_OBJDATA
    RTF contains 1 \objdata section(s) — embedded OLE object(s).

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename:  objdata_00_off000013f6.bin
SHA-256:   2e24935603520abf32c4e073cea7d2c2bdb27aa896a307342c3b2ac13d21dc32
Kind:      rtf-objdata-decoded
Source:    RTF \objdata at offset 0x13F6
Size:      1408 bytes