Malicious RTF — malware analysis report

Static analysis result for SHA-256 63792cfa598a3fb3…

MALICIOUS

RTF

8.7 KB Authoring application: Msftedit 5.41.21.2509
MD5: d88986d657c92c40f0ed0b05b4f340e5 SHA-1: af1e6d84b47e3615345af407bfc67f9737920b9c SHA-256: 63792cfa598a3fb392517254f0e0d7c2b6ba5ef5d859ef74a6f4008f38e1f1a8
140 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The RTF file contains an embedded OLE object, specifically identified as a package object. This technique is frequently used to embed and execute malicious code. The ClamAV detection of Eicar-Test-Signature confirms the malicious nature of the file, indicating it's a test for malware detection capabilities.

Heuristics 4

  • ClamAV: Eicar-Test-Signature critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Eicar-Test-Signature
  • Package object class high RTF_OBJCLASS_PACKAGE
    OLE Package object — can wrap arbitrary files
  • OLE object data medium RTF_OBJDATA
    RTF contains 1 \objdata section(s) — embedded OLE objects
  • Embedded OLE object medium RTF_OBJEMB
    RTF contains \objemb — embedded OLE object

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
objdata_00_off00000124.bin
82ac6c0585ab53ea4b56703c908209a54c5341d0ec6441c7edfb36e16609d91d		 rtf-objdata-decoded RTF \objdata at offset 0x124 437 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.