MALICIOUS
Risk Score: 202

Heuristics: 5
- ClamAV: Xls.Downloader.Generic-6750544-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Xls.Downloader.Generic-6750544-0
- \objupdate forces OLE activation (high, RTF_OBJUPDATE): RTF contains \objupdate — forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
- OLE object data (medium, RTF_OBJDATA): RTF contains 10 \objdata section(s) — embedded OLE objects
- Embedded OLE object (medium, RTF_OBJEMB): RTF contains \objemb — embedded OLE object
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: http://schemas.microsoft.com/office/word/2003/wordml (In RTF body)

Extracted artifacts: 10

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 | ClamAV detection | Obfuscation or payload |
|---|---|---|---|---|---|---|
| objdata_00_off00002cc3.bin | rtf-objdata-decoded | RTF \objdata at offset 0x2CC3 | 27707 bytes | ebbe0a352503d0f04598ccb365226b5f74318fc2cc627c8ef9a571db9ff5a9ad | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_01_off0001680d.bin | rtf-objdata-decoded | RTF \objdata at offset 0x1680D | 27707 bytes | 2115979e4d1f8b089d1d344c2c4731e614857fd7839316a5200c9bbb7a2d385c | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_02_off0002a4de.bin | rtf-objdata-decoded | RTF \objdata at offset 0x2A4DE | 27707 bytes | 4fecc7028d3049714da19b9c2690a35643bd9a88520fe36f25fb921196188831 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_03_off0003e1ad.bin | rtf-objdata-decoded | RTF \objdata at offset 0x3E1AD | 27707 bytes | 5712f34f4dd8e470e9965806e8943f1333a816de26b961c2deafcfaab5a9d28b | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_04_off00051e7c.bin | rtf-objdata-decoded | RTF \objdata at offset 0x51E7C | 27707 bytes | 61424701e9db1659e3d554e1eecdb31ff892914094741031564901b9afa34048 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_05_off00065b73.bin | rtf-objdata-decoded | RTF \objdata at offset 0x65B73 | 27707 bytes | a76ee20cc9ce154e2bd577db4740775f4c685c28fca9fb6def45b6f67ac47b92 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_06_off00079636.bin | rtf-objdata-decoded | RTF \objdata at offset 0x79636 | 27707 bytes | 65102f94e4a3d3449135d56144ed20686af7b479728e0cf9d835f4ec06f32c9d | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_07_off0008d305.bin | rtf-objdata-decoded | RTF \objdata at offset 0x8D305 | 27707 bytes | 4d621109b6f74f1a9fba4e39c8d508e7ef94d38c0da338fb76fd21ae8269f89f | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_08_off000a0fd4.bin | rtf-objdata-decoded | RTF \objdata at offset 0xA0FD4 | 27707 bytes | 5be308f2e32c380a89285b384ecbeed9d807c81617e6a7cd881263ba8c8e02a7 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_09_off000b4ca3.bin | rtf-objdata-decoded | RTF \objdata at offset 0xB4CA3 | 27707 bytes | c933adf1097ce84db90b8dab5630685fed2b291834410951da794c9ae437df9b | Xls.Downloader.Generic-6750544-0 | unlikely |