Malicious Office (OLE) / .RTF — malware analysis report

Static analysis result for SHA-256 45b0049084428e87…

MALICIOUS

Office (OLE) / .RTF

Size: 205.2 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: 01fc49b25728ede1e3b2a326960260ab
SHA-1: 842977785fb6f8bd748cb6d64e423cb0df34f11d
SHA-256: 45b0049084428e870fcbc2dfb372b3aa8023088a5a04dc1de247ed2fe63663af
Risk score: 80

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is an OLE compound document carrying an .rtf extension, a common technique for delivering exploits. The large slack space and the ObjectPool container disguised as RTF are strong indicators of malicious intent. No specific malware family could be identified, and no document body or scripts were extracted to provide further context on the payload.

Heuristics (2)

  • OLE_SLACK_ANOMALY (high): OLE document has large unaccounted-for region
    The OLE file is 210,141 bytes, but its declared streams total only 94,801 bytes; the remaining 115,340 bytes (55%) lie in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
  • OLE_OBJECTPOOL_CONTAINER_DISGUISED_RTF (high): OLE ObjectPool in file named .rtf
    The file is an OLE compound document with an .rtf filename and contains ObjectPool embedded-object storage, suggesting a disguised Word/OLE container with embedded-object attack surface.