Malicious RTF — malware analysis report

Static analysis result for SHA-256 33d26a216602de37…

Verdict: MALICIOUS
File type: RTF
Size: 519.7 KB
First seen: 2015-10-13
MD5: f10383d5f609103e0776275a2af180a0
SHA-1: ee4b4d64474fdd9d104e8935231297012cfecb77
SHA-256: 33d26a216602de379814aaa6c75077cf339d76f9fea8ea84ed9b6ee71c245c35
Risk Score: 60

Heuristics (2)

  • MSCOMCTL.Toolbar — CVE-2012-0158 / CVE-2012-1856 (severity: high; CVE related; CVE_2012_1856)
    RTF \objdata decodes to OLE data containing the MSCOMCTL.Toolbar — CVE-2012-0158 / CVE-2012-1856 CLSID. The vulnerable control/moniker is embedded directly in the document's object stream, which is the delivery shape of this exploit. RTF objects auto-render when Word opens the file.
  • OLE object data (severity: medium; RTF_OBJDATA)
    RTF contains 1 \objdata section(s), i.e. embedded OLE objects.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: objdata_00_off00000a54.bin
Kind: rtf-objdata-decoded
Source: RTF \objdata at offset 0xA54
Size: 8672 bytes
SHA-256: fa1162492faef2dd83e67a5ecbb29e5214f8a713c64591507492e4f8d9dd0ba5