Malicious RTF — malware analysis report

Static analysis result for SHA-256 876638d1acfa4963…

MALICIOUS

RTF

10.6 KB First seen: 2021-01-23
MD5: a027c4b61505acf2f471567a9cf0c6e7 SHA-1: 565eeef499a3b0d77acc5a4958981ad2d54b2c0c SHA-256: 876638d1acfa4963aeca4b6ee4f33083a91c06a4917d576e0629172711906fd7
100 Risk Score

Heuristics 3

  • Equation Editor CLSID critical CVE likely RTF_EQUATION_EDITOR
    Equation Editor OLE CLSID found inside an OLE object — exploited by CVE-2017-11882 / CVE-2018-0802 / CVE-2018-0798
  • OLE object data medium RTF_OBJDATA
    RTF contains 1 \objdata section(s) — embedded OLE objects
  • Embedded OLE object medium RTF_OBJEMB
    RTF contains \objemb — embedded OLE object

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
objdata_00_off00000032.bin rtf-objdata-decoded RTF \objdata at offset 0x32 3608 bytes
SHA-256: 75fde0feae3db6699d452349248cb43eaed014a73ecd2cbb7844facb11d219b0

Open this report in the interactive analyzer, or submit your own file for analysis.