MALICIOUS
Risk Score: 202
Heuristics 5
- ClamAV: Xls.Downloader.Generic-6750544-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Xls.Downloader.Generic-6750544-0
- \objupdate forces OLE activation (high, RTF_OBJUPDATE): RTF contains \objupdate — forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
- OLE object data (medium, RTF_OBJDATA): RTF contains 12 \objdata section(s) — embedded OLE objects
- Embedded OLE object (medium, RTF_OBJEMB): RTF contains \objemb — embedded OLE object
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: http://schemas.microsoft.com/office/word/2003/wordml (in RTF body)
Extracted artifacts 12
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 | ClamAV detection | Obfuscation or payload |
|---|---|---|---|---|---|---|
| objdata_00_off00002c42.bin | rtf-objdata-decoded | RTF \objdata at offset 0x2C42 | 28731 bytes | 573112c3165a509580d01deae3b3333099862975370351a585d7c5f633c4d57c | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_01_off00016c83.bin | rtf-objdata-decoded | RTF \objdata at offset 0x16C83 | 28731 bytes | d18bf7bd2eefd8720c0a5b8417c7ea2e4b6075630fb5267fcac2b19fef0220d0 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_02_off0002acc4.bin | rtf-objdata-decoded | RTF \objdata at offset 0x2ACC4 | 28731 bytes | ce2486f6cb0d64f77faebb0330cb631e91c3659285d5728922f93398aa77abd4 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_03_off0003ed05.bin | rtf-objdata-decoded | RTF \objdata at offset 0x3ED05 | 28731 bytes | 84737a2d54063877a59858f48a52d5037c72972a6a42c05cc7ec6ee5937b54f9 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_04_off00052d46.bin | rtf-objdata-decoded | RTF \objdata at offset 0x52D46 | 28731 bytes | 82fa5377f0ee420f21c12dda3203cd10a608726d55e9255e989433d4bd69a62d | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_05_off00066d87.bin | rtf-objdata-decoded | RTF \objdata at offset 0x66D87 | 28731 bytes | 81c050775935bc863cc45d14defd9280bf20bcbe2161cf6c8cd6e8211883e841 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_06_off0007adc8.bin | rtf-objdata-decoded | RTF \objdata at offset 0x7ADC8 | 28731 bytes | 485ea1b0d4b15c6351bb30c24330ab54d51b7fe55f83c5745b10349962521e1e | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_07_off0008ee09.bin | rtf-objdata-decoded | RTF \objdata at offset 0x8EE09 | 28731 bytes | 5e0b0e6d70a9bf7449c5069334ceed6449f2a727e640baf33959af8513034418 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_08_off000a2e4a.bin | rtf-objdata-decoded | RTF \objdata at offset 0xA2E4A | 28731 bytes | 87af907b00586eb8c1f79cb34129c9d77eab1fd7773c98fe558f744331ee307f | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_09_off000b6e8b.bin | rtf-objdata-decoded | RTF \objdata at offset 0xB6E8B | 28731 bytes | fe5eb260cfe3143591b98282c3b982c5fe78d1bc247caeb3563adafaebbaf728 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_10_off000caecc.bin | rtf-objdata-decoded | RTF \objdata at offset 0xCAECC | 28731 bytes | 260b0ed45392978f148de772826373600d9a07ed606019cbe81d002ac0c3ccb4 | Xls.Downloader.Generic-6750544-0 | unlikely |
| objdata_11_off000def0d.bin | rtf-objdata-decoded | RTF \objdata at offset 0xDEF0D | 28731 bytes | 784bc50a9180eabb60674ce1a4bc3e569e406025084003acf88836d58ee62298 | Xls.Downloader.Generic-6750544-0 | unlikely |