Malicious RTF — malware analysis report

Static analysis result for SHA-256 82a4deeb2a4b5c0e…

Verdict: MALICIOUS
File type: RTF
Size: 8.0 KB
First seen: 2015-09-17
MD5: 54cc515c032047890c84412f1a52c090
SHA-1: a524010aa74217d3bafe9f0b131766e2234b0905
SHA-256: 82a4deeb2a4b5c0e673a90404fdaf044274a3de33975933581822b1eb9c2fe09
Risk score: 160

Malware Insights

MITRE ATT&CK: T1203 (Exploitation for Client Execution)

The sample is an RTF document that exploits CVE-2010-3333, a known stack buffer overflow in Microsoft Word's RTF parser (the pFragments shape property). Opening the document on a vulnerable version of Word allows arbitrary code execution. No specific malware family could be identified; the exploit itself is the primary indicator of malicious intent.

Heuristics (3)

  • CVE-2010-3333: pFragments RTF stack overflow [severity: critical; rule: CVE exact match, CVE_2010_3333]
    The RTF shape property pFragments has an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003.
  • ClamAV detection: BC.Legacy.Exploit.CVE_2010_3333-5 [severity: critical; rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware with signature BC.Legacy.Exploit.CVE_2010_3333-5.
  • Reference to Windows Script Host [severity: high; rule: SC_STR_WSCRIPT]
    The file contains a string referencing Windows Script Host (wscript).