Malicious RTF — malware analysis report

Static analysis result for SHA-256 b31dfa78bd51014e…

Verdict: MALICIOUS
File type: RTF
Size: 47.7 KB
First seen: 2015-09-16
MD5: 5718f33fd855018319370e12b787e436
SHA-1: f01d7c8d88fa5f285e38f70cba8d3d96747d4997
SHA-256: b31dfa78bd51014e198227e40161119d5e21a1bdc83732ca974efc0afe26cce8
Risk score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an RTF document that triggers a critical heuristic for CVE-2010-3333, a known stack buffer overflow vulnerability. This indicates the file is designed to exploit this vulnerability for client-side execution. No further details on payload or family could be determined from the provided evidence.

Heuristics (2)

  • CVE-2010-3333 — pFragments RTF stack overflow (severity: critical; type: CVE; match: exact; id: CVE_2010_3333)
    RTF shape property pFragments has an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003.
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5 (severity: critical; type: CLAMAV_DETECTION)
    ClamAV detected this file as malware: BC.Legacy.Exploit.CVE_2010_3333-5