Malicious RTF — malware analysis report

Static analysis result for SHA-256 c11dbecc0bf502c1…

MALICIOUS

RTF

Size: 114.2 KB
Authoring application: Msftedit 5.41.15.1515
First seen: 2012-06-14
MD5: 4f57d9fb7123393d33dfe6dfad0a61f9
SHA-1: d61e4a8ffd33f81ad9d4aa7d19cc2d3f0332d876
SHA-256: c11dbecc0bf502c16530a3a9860bd43e3ef8032028cf4ce3facc4e8870e881f7
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample contains references to LoadLibrary and GetProcAddress APIs, indicating it likely attempts to load and execute code. The presence of embedded JavaScript further suggests an attempt to execute malicious scripts. While the exact exploit or payload is not fully discernible from the provided RTF content, the overall structure points towards a client-side exploit for code execution.

Heuristics (2)

  • Reference to LoadLibrary API (severity: high, rule SC_STR_LOADLIBRARY)
  • Reference to GetProcAddress API (severity: high, rule SC_STR_GETPROCADDRESS)