MALICIOUS
Risk Score: 82
Heuristics 4
- \objupdate forces OLE activation (high, RTF_OBJUPDATE): RTF contains \objupdate — forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
- OLE object data (medium, RTF_OBJDATA): RTF contains 10 \objdata section(s) — embedded OLE objects
- Embedded OLE object (medium, RTF_OBJEMB): RTF contains \objemb — embedded OLE object
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://schemas.microsoft.com/office/word/2003/wordml (in RTF body)
Extracted artifacts 10
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| objdata_00_off00002c4d.bin | rtf-objdata-decoded | RTF \objdata at offset 0x2C4D | 27707 bytes | 89e31e61ae6a88e22bb88c6e9db9df9780b95356846904b2fc7a0faffee2e317 |
| objdata_01_off00016484.bin | rtf-objdata-decoded | RTF \objdata at offset 0x16484 | 27707 bytes | 92b7ab3a9ffcc2f3c76843c42c432896bf73ef6145f5a5613fd8e3766696d79e |
| objdata_02_off00029cbb.bin | rtf-objdata-decoded | RTF \objdata at offset 0x29CBB | 27707 bytes | 8b39ddf09c92b4cb6bb098d379c442e9a60cb5643076a5c1a1bd22147e4a8427 |
| objdata_03_off0003d4f2.bin | rtf-objdata-decoded | RTF \objdata at offset 0x3D4F2 | 27707 bytes | 49a947bc019d6fb6527dcf89e472146ed0a0f8975f93f6e4bb013cfad136bde8 |
| objdata_04_off00050d29.bin | rtf-objdata-decoded | RTF \objdata at offset 0x50D29 | 27707 bytes | 8fcc0444dd36acb3ee088e43c6f488d71755f9b41ac25e679ec2fd38494aef68 |
| objdata_05_off000645ac.bin | rtf-objdata-decoded | RTF \objdata at offset 0x645AC | 27707 bytes | 1cdb3fc1841b1ccee89d507d09722bc6cde2ae78def8245349c9beb7517fdce6 |
| objdata_06_off00077de3.bin | rtf-objdata-decoded | RTF \objdata at offset 0x77DE3 | 27707 bytes | ffe174552a8392fe13c3774ddb7a1c4af2aa5ffbf108791a2508a8801f9ba9b0 |
| objdata_07_off0008b61a.bin | rtf-objdata-decoded | RTF \objdata at offset 0x8B61A | 27707 bytes | 25272c940378d0356e1b4021dd6a68e160e33a0b856659ef8435b35266894e6d |
| objdata_08_off0009ee51.bin | rtf-objdata-decoded | RTF \objdata at offset 0x9EE51 | 27707 bytes | c44523ffbf95f8fd10ca3014a592ce0179631b274b44d98bca746fbc97d0df26 |
| objdata_09_off000b2688.bin | rtf-objdata-decoded | RTF \objdata at offset 0xB2688 | 27707 bytes | ec4859b10facdd00aafb5fa1faa655352ce96e21d810574cdfee55f39f7f9022 |