Malicious RTF — malware analysis report

Static analysis result for SHA-256 55da3b28b3d1fc18…

MALICIOUS

RTF

Size: 100.5 KB
First seen: 2015-10-01
MD5: 8f64bb441b4e86247285bc1ac4384200
SHA-1: 3c5f66ffb4e055171379c0903120bec39f987496
SHA-256: 55da3b28b3d1fc188c54863a97a62867ea87f80819f0bb1453cfdf8ca21b9f24
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an RTF document that triggers CVE-2010-3333, a stack-based buffer overflow in the parsing of the pFragments shape property. A successful exploit allows arbitrary code execution on the vulnerable system. No other malicious behavior or payloads were identified in the static analysis.

Heuristics 2

  • CVE-2010-3333 — pFragments RTF stack overflow (severity: critical; rule: CVE_2010_3333, exact CVE match)
    The RTF shape property pFragments has an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003.
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware with signature BC.Legacy.Exploit.CVE_2010_3333-5.