Malicious RTF — malware analysis report

Static analysis result for SHA-256 342f1ae162648198…

MALICIOUS

RTF

100.5 KB
MD5: 99832d88f022d1a928f56384be3e809a
SHA-1: b50843733e2171b6bfd0012207c6436d420647c0
SHA-256: 342f1ae162648198f78554e2d0095623c1be1cfaa31c962cf0a52c4ae756f82a

Risk Score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an RTF file that triggers a critical heuristic for CVE-2010-3333, a known stack overflow vulnerability. This exploit allows for arbitrary code execution on the victim's machine. No further payload or network activity was observed in the static analysis.

Heuristics (2)

  • CVE-2010-3333 — pFragments RTF stack overflow [critical] [CVE] [exact] [CVE_2010_3333]
    RTF shape property pFragments has an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003.
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: BC.Legacy.Exploit.CVE_2010_3333-5