Office (OLE) / .RT malware analysis — malicious · 3967cc6452cf5cce

MALICIOUS

Office (OLE) / .RT

154.3 KB Created: 2001-12-14 14:26:00 Authoring application: Microsoft Word 9.0

MD5: 4ff997dcc318e4cdeb3595d1fdd6278c SHA-1: 529d48972be55da899e610e200551b2df682ad90 SHA-256: 3967cc6452cf5cce1b12bc06cf868dab5b1d2c85e931a615fdea3bc2fa6491d9

62 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1566.001 Spearphishing Attachment

The file is a Microsoft Word document that triggers the CVE-2006-6456 vulnerability due to malformed table SPRM data. This vulnerability allows for arbitrary code execution when the document is opened. No VBA macros were extractable, but the exploit itself is sufficient to classify the document as malicious.

Heuristics 2

CVE-2006-6456 — Microsoft Word malformed table SPRM critical CVE exact CVE_2006_6456

WordDocument contains a malformed table border-color SPRM in the CVE-2006-6456 shape: a valid table-SPRM cluster is followed by an invalid high-byte 0xFF SPRM where Word expects a normal sprmTBrc*Cv record. Vulnerable Word 2000/2002/2003 parsers corrupt memory while handling this malformed data structure.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.