Malicious RTF — malware analysis report

Static analysis result for SHA-256 954d1e568d6a4c76…

MALICIOUS

RTF

1.4 KB
MD5: 75a4406282da61c390d336d0141f5f8d
SHA-1: d98379ff239267e39c740ae96a1c5735b825c6e8
SHA-256: 954d1e568d6a4c768f74b6aef1b1166ff293f3d7b7d476610d860017fb8f5dc7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The file is an RTF document containing embedded PHP code. The PHP code attempts to execute system commands through functions such as exec and shell_exec, and checks for 'uid' or 'Windows' to determine the server's security status. This indicates an attempt to exploit a server-side vulnerability for command execution. The presence of a PHP shell script suggests a web shell delivery or exploitation attempt.

Heuristics (1)

  • ClamAV: Win.Trojan.ShellExec-1 (severity: critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.ShellExec-1