RTF malware analysis — malicious · b3d6d931a4d27904

MALICIOUS

RTF

203.0 KB Created: 2015-11-17 15:29:00 First seen: 2020-12-25

MD5: 8c3f5f1fff999bc783062dd50357be79 SHA-1: 58e30c466d46706d32e0c8cc543a8abfa47af490 SHA-256: b3d6d931a4d27904abdfa81300724ae83069495cf49d1992507522a5aa0bafba

62 Risk Score

Heuristics 3

URL Moniker in RTF OLE object high CVE related RTF_URL_MONIKER_RELATED

RTF contains a URL Moniker GUID in OLE object context, but no decoded remote target was confirmed. Treat as related OLE2Link attack-surface evidence rather than proof of CVE-2017-0199 exploitation.
OLE object data medium RTF_OBJDATA

RTF contains 1 \objdata section(s) — embedded OLE objects
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://schemas.microsoft.com/office/word/2003/wordml}{ In RTF body
- http://www.adobe.com/2006/flex/mx/internalIn RTF body
- http://adobe.com/AS3/2006/builtinIn RTF body

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`objdata_00_off0000b313.bin`	rtf-objdata-decoded	RTF \objdata at offset 0xB313	6902 bytes
SHA-256: `8543cf311d74d80ab3fd876d407e30805f5fec4d960ecc40a94db15def1b79f6`

Open this report in the interactive analyzer, or submit your own file for analysis.