RTF malware analysis — malicious · 4032e6241b5706f6

MALICIOUS

RTF

603.1 KB Created: 2010-08-19 13:11:00 Authoring application: Microsoft Word 11.0.5604

MD5: fadd3471f8e8a046f86cb8acb6b222ff SHA-1: 3b21fda16c1b915daf375cd7b32540be64ed356b SHA-256: 4032e6241b5706f68b0496efcec4ec6f11492bd6941630e3afa20203831b82e3

142 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1204.002 Malicious File

The RTF document contains embedded OLE objects, including a package object and PE header in hex data. The document body text explicitly instructs the user to 'double click on the icone to view more Serials and keygens', indicating a social engineering lure. The presence of a PE header within the embedded object strongly suggests that it is a malicious executable disguised as a benign file.

Heuristics 5

PE header (with DOS stub) in hex data critical RTF_MZ_HEX

Hex-encoded PE (MZ + DOS stub) found inside RTF — likely an embedded executable payload
Package object class high RTF_OBJCLASS_PACKAGE

OLE Package object — can wrap arbitrary files
OLE object data medium RTF_OBJDATA

RTF contains 1 \objdata section(s) — embedded OLE objects
Embedded OLE object medium RTF_OBJEMB

RTF contains \objemb — embedded OLE object
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`objdata_00_off00000e22.bin` `9bb59cc565736813d17bb1a608f15b8462e6ad455f50bc00119960a2427b83ac`	rtf-objdata-decoded	RTF \objdata at offset 0xE22	300550 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact entropy is 7.68, consistent with packed or encrypted content.

Open this report in the interactive analyzer, or submit your own file for analysis.