Malicious RTF — malware analysis report

Static analysis result for SHA-256 206dcd7e92bfcd09…

MALICIOUS

RTF

Size: 10.0 KB    First seen: 2015-09-16
MD5:     43a39eb0057f7f4e7f238a03bb12c180
SHA-1:   c4f87acd8d496d6acada3cffc34854f8b65c4479
SHA-256: 206dcd7e92bfcd093724d0f8d608df6d8d0c183a548cdea7e10f6df1a6dc86f7
Risk score: 80

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The RTF file contains one \objdata section (embedded OLE object data) and is detected by ClamAV as BC.Legacy.Exploit.CVE_2012_0158-20, i.e. an attempt to exploit CVE-2012-0158, the buffer overflow in the MSCOMCTL.OCX ActiveX control (ListView/TreeView) that Microsoft Office loads when it renders such an embedded object. A successful exploit runs attacker-supplied code in the context of the user who opens the document, which is why the file maps to ATT&CK T1203. The detection is a single antivirus signature: to confirm it, decode the \objdata hex, parse the OLE1 object header and check which control the embedded object references. No document body text or scripts were extracted, so the payload delivered after exploitation (shellcode, any dropped file) could not be characterised from static analysis alone; the carved \objdata blob listed under Extracted artifacts is the place to continue.

Heuristics (2)

  • ClamAV: BC.Legacy.Exploit.CVE_2012_0158-20 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: BC.Legacy.Exploit.CVE_2012_0158-20
  • OLE object data [medium, RTF_OBJDATA]
    RTF contains 1 \objdata section(s): embedded OLE object(s)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename                     Kind                 Source                    Size
objdata_00_off000000a0.bin   rtf-objdata-decoded  RTF \objdata at offset 0xA0   5054 bytes
SHA-256: d4d2252b97fd714d5f1984cf0766a8288a0a5b35921e5b6c9e81dcb1b48a4570
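The \objdata carving and the OLE1 header check referred to above, as an added example; this is not code from the original report or from any analysis platform. It decodes every \objdata group in an RTF (tolerating the line breaks, nested groups and stray control words that obfuscated samples use to break naive decoders), parses the OLE1 ObjectHeader that the decoded bytes begin with, and reports whether the native data is an OLE2 compound file containing the MSCOMCTL ListView CLSID that CVE-2012-0158 exploits commonly reference. The sample RTF is constructed inline and is not the analysed file; the CLSID constant, the OLE2-magic check and the function names are assumptions of this example. To apply it to the carved artifact, pass the contents of objdata_00_off000000a0.bin straight to parse_ole1().

```python
"""Decode RTF \\objdata sections and inspect the OLE1 object header (added example)."""
import re
import struct
import sys
import uuid

# Assumed indicator: well-known CLSID of the MSCOMCTL ListView control targeted by
# CVE-2012-0158. Other MSCOMCTL controls (e.g. TreeView) are exploitable too, so treat
# a miss here as "not confirmed", not as "benign".
MSCOMCTL_LISTVIEW_CLSID = uuid.UUID("BDD1F04B-858B-11D1-B16A-00C0F0283628")
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound-file signature
# RTF control words/symbols to skip while collecting hex digits: \'hh, \word123 , \*
CONTROL_WORD = re.compile(rb"\\'[0-9a-fA-F]{2}|\\[A-Za-z]+-?\d* ?|\\[\s\S]")


def iter_objdata(rtf: bytes):
    """Yield (offset of the \\objdata keyword, decoded bytes) for every \\objdata group."""
    pos = 0
    while True:
        idx = rtf.find(b"\\objdata", pos)
        if idx < 0:
            return
        i = idx + len(b"\\objdata")
        depth = 0
        hexchars = bytearray()
        while i < len(rtf):
            c = rtf[i:i + 1]
            if c == b"{":
                depth += 1
            elif c == b"}":
                if depth == 0:          # the group holding \objdata closes here
                    break
                depth -= 1
            elif c == b"\\":
                m = CONTROL_WORD.match(rtf, i)
                i = m.end() if m else i + 1
                continue
            elif c in b"0123456789abcdefABCDEF":
                hexchars += c           # everything else (whitespace, junk) is ignored
            i += 1
        if len(hexchars) % 2:
            hexchars = hexchars[:-1]    # odd trailing nibble: drop it, as Word does
        yield idx, bytes.fromhex(hexchars.decode("ascii"))
        pos = i


def _lp_string(buf: bytes, off: int):
    """Read a LengthPrefixedAnsiString (4-byte length incl. NUL, then bytes)."""
    (n,) = struct.unpack_from("<I", buf, off)
    return buf[off + 4:off + 4 + n].rstrip(b"\x00"), off + 4 + n


def parse_ole1(blob: bytes) -> dict:
    """Parse the OLE1 ObjectHeader at the start of decoded \\objdata and flag indicators."""
    if len(blob) < 8:
        raise ValueError("blob too short for an OLE1 ObjectHeader")
    version, format_id = struct.unpack_from("<II", blob, 0)
    class_name, off = _lp_string(blob, 8)
    _topic, off = _lp_string(blob, off)
    _item, off = _lp_string(blob, off)
    native = b""
    if format_id == 2:                  # EmbeddedObject: NativeDataSize + NativeData follow
        (native_size,) = struct.unpack_from("<I", blob, off)
        native = blob[off + 4:off + 4 + native_size]
    return {
        "ole_version": version,
        "format_id": format_id,         # 1 = linked object, 2 = embedded object
        "class_name": class_name.decode("latin-1"),
        "native_size": len(native),
        "is_ole2_compound": native.startswith(OLE2_MAGIC),
        "has_mscomctl_listview_clsid": MSCOMCTL_LISTVIEW_CLSID.bytes_le in native,
    }


def analyze_rtf(rtf: bytes) -> list:
    """Decode and parse every \\objdata group in an RTF document."""
    return [dict(offset=off, **parse_ole1(blob)) for off, blob in iter_objdata(rtf)]


def _lp(s: bytes) -> bytes:
    s += b"\x00"
    return struct.pack("<I", len(s)) + s


def build_sample_rtf() -> bytes:
    """Constructed test input, not the report's sample and not a working exploit:
    one \\objdata group wrapping a hand-built OLE1 embedded-object header whose native
    data starts with the OLE2 magic and contains the ListView CLSID."""
    native = OLE2_MAGIC + b"\x00" * 8 + MSCOMCTL_LISTVIEW_CLSID.bytes_le + b"\x00" * 16
    ole1 = (struct.pack("<II", 0x00000501, 2) + _lp(b"MSComctlLib.ListViewCtrl.2")
            + _lp(b"") + _lp(b"") + struct.pack("<I", len(native)) + native)
    hexdata = ole1.hex().encode("ascii")
    # Line break plus a nested group in the middle of the hex, as obfuscated samples do.
    body = hexdata[:40] + b"\r\n{\\*\\junk}" + hexdata[40:]
    return (b"{\\rtf1\\ansi{\\object\\objemb\\objw1\\objh1"
            b"{\\*\\objclass MSComctlLib.ListViewCtrl.2}{\\*\\objdata " + body + b"}}}")


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_rtf()
    for result in analyze_rtf(data):
        print(result)
```

Given the report's carved blob, `parse_ole1(open("objdata_00_off000000a0.bin", "rb").read())` is enough; the class name and the two boolean flags tell you whether the ClamAV verdict is backed by an actual MSCOMCTL object or needs a closer look at the native data (for example, a different control's CLSID or a non-OLE2 payload).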