MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment
The RTF file contains OLE object data and triggers heuristics related to CVE-2012-158/CVE-2012-1856, indicating exploitation of a vulnerability in MSCOMCTL.Toolbar. This suggests the file is designed to execute arbitrary code when opened, likely delivered via spearphishing.
Heuristics 2
-
MSCOMCTL.Toolbar — CVE-2012-0158 / CVE-2012-1856 high CVE_2012_1856RTF \objdata decodes to OLE data containing the MSCOMCTL.Toolbar — CVE-2012-0158 / CVE-2012-1856 CLSID — the vulnerable control/moniker is embedded directly in the document's object stream, the delivery shape of this exploit. RTF objects auto-render when Word opens the file.
-
OLE object data medium RTF_OBJDATARTF contains 1 \objdata section(s) — embedded OLE objects
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
objdata_00_off00000a4f.bin |
rtf-objdata-decoded | RTF \objdata at offset 0xA4F | 8423 bytes |
SHA-256: d3c87e87db8b0e72e2e13517b36df99fe5f79587816081838b711eb1b109ebe1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.