Malicious RTF — malware analysis report

Static analysis result for SHA-256 ccd9000a745e30c6…

MALICIOUS

RTF

Size: 100.7 KB
First seen: 2015-09-27
MD5: 73e2799d9ec2d45e25fe37e8467828f0
SHA-1: a5c7b2fed4439ecb7ab80c29082ff58387381a8d
SHA-256: ccd9000a745e30c64e28044e495a0639ad243c0e639d2360dea39673ce0a4557
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an RTF file that triggers a critical heuristic for CVE-2010-3333, a stack-based buffer overflow in the RTF parser of Microsoft Office (fixed by MS10-087). The match is on the exploit trigger itself, so the file is crafted to gain code execution when opened in a vulnerable version of Word. No other indicators or payloads were identified, so the post-exploitation stage (shellcode behaviour, dropped files) cannot be determined from static analysis alone.

Heuristics (2)

  • CVE-2010-3333 — pFragments RTF stack overflow
    Severity: critical    Match: exact CVE    Rule: CVE_2010_3333
    The RTF shape property pFragments carries an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word (Office XP through Office 2010, patched by MS10-087).
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5
    Severity: critical    Rule: CLAMAV_DETECTION
    ClamAV detected this file as malware: BC.Legacy.Exploit.CVE_2010_3333-5
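The pFragments heuristic above reduces to a simple check: locate the `{\sn pFragments}{\sv ...}` shape property and measure its value. The following is an added example written for this report, not the scanner's own rule or ClamAV's signature. It uses constructed RTF fragments (a short benign value and an oversized one padded with filler bytes, no real exploit data) and an assumed threshold of 64 bytes, which is a tuning choice rather than a documented limit of the vulnerable parser.

```python
import re
from typing import Dict, List

# Assumed heuristic threshold: legitimate documents carry a short pFragments
# value, exploit documents carry hundreds of bytes of hex. Tune per corpus.
PFRAGMENTS_MAX_LEN = 64

# Matches the RTF shape property  {\sp{\sn pFragments}{\sv <value>}}  and
# captures <value>. Case-insensitive because Word's parser is lenient.
_PFRAG_RE = re.compile(
    rb"\{\\sn\s+pFragments\s*\}\s*\{\\sv\s*([^{}]*)\}",
    re.IGNORECASE | re.DOTALL,
)


def is_rtf(data: bytes) -> bool:
    """Magic check. Word accepts a truncated '{\\rt' header, so match on that."""
    return data.lstrip().startswith(b"{\\rt")


def scan_pfragments(data: bytes, max_len: int = PFRAGMENTS_MAX_LEN) -> List[Dict]:
    """Return one finding per pFragments property with its value length."""
    findings = []
    for m in _PFRAG_RE.finditer(data):
        # RTF permits line breaks inside a value; strip them before measuring.
        value = re.sub(rb"\s+", b"", m.group(1))
        findings.append({
            "offset": m.start(),
            "length": len(value),
            "oversized": len(value) > max_len,
        })
    return findings


def classify(data: bytes) -> str:
    """Verdict string: 'not-rtf', 'clean', or 'CVE-2010-3333-trigger'."""
    if not is_rtf(data):
        return "not-rtf"
    if any(f["oversized"] for f in scan_pfragments(data)):
        return "CVE-2010-3333-trigger"
    return "clean"


# Constructed samples (not the analysed file). The second one carries an
# oversized value made of '41' filler, which is enough to fire the heuristic.
BENIGN_RTF = (
    b"{\\rtf1\\ansi{\\shp{\\*\\shpinst"
    b"{\\sp{\\sn pFragments}{\\sv 1;4;00000000}}}}}"
)
OVERSIZED_RTF = (
    b"{\\rtf1\\ansi{\\shp{\\*\\shpinst"
    b"{\\sp{\\sn pFragments}{\\sv 1;4;" + b"41" * 400 + b"}}}}}"
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_RTF), ("oversized", OVERSIZED_RTF)):
        print(name, classify(blob), scan_pfragments(blob))
```

A regex over raw bytes is fine for triage but is defeated by RTF control-word obfuscation (split tokens, junk groups, nested destinations); for anything beyond triage, run the file through a real RTF parser such as oletools' rtfobj before measuring the property.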