Malicious RTF — malware analysis report

Static analysis result for SHA-256 d0614bbc6a077fb6…

MALICIOUS

RTF

Size: 100.7 KB    First seen: 2015-09-26
MD5:     755aa1649c5ec0da4197ee0060a4a7fa
SHA-1:   8984a1fe4e1c0db6a6e8c8fb2185aa45b9f891f8
SHA-256: d0614bbc6a077fb68eae7277763e6ba85904b187b734b44165c8fa7d5d9e1de7
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an RTF document that triggers a critical heuristic for CVE-2010-3333, a stack-based buffer overflow in the RTF parser of Microsoft Office (fixed in MS10-087). A crafted RTF that exploits this flaw executes arbitrary code in the context of the user who opens it, so the file is assessed as malicious. No further stages or specific family indicators were identified.

Heuristics (2)

  • CVE-2010-3333 — pFragments RTF stack overflow [severity: critical; match: exact CVE; tag: CVE_2010_3333]
    The RTF shape property pFragments carries an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003 (and the other Office versions covered by MS10-087).
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5 [severity: critical; tag: CLAMAV_DETECTION]
    ClamAV detected this file as malware with the bytecode signature BC.Legacy.Exploit.CVE_2010_3333-5.
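To make the pFragments heuristic above concrete, here is a small scanner that locates the `{\sp{\sn pFragments}{\sv ...}}` shape-property group in an RTF file, parses the `count;length;hexdata` value and flags it when the hex payload is oversized. This is an added example, not the scanner's or ClamAV's own logic; the 64-byte cutoff and the two embedded RTF strings are constructed for illustration (the oversized one is just repeated 0x41 bytes, not exploit content).

```python
import re

# Cutoff above which the \sv payload is treated as oversized. This threshold is
# an assumption for the example; the report does not state the scanner's value.
MAX_FRAGMENT_BYTES = 64

# Matches the shape-property group abused by CVE-2010-3333:
#   {\sp{\sn pFragments}{\sv <count>;<length>;<hexdata>}}
# Whitespace between tokens is tolerated because RTF readers ignore it.
PFRAGMENTS_RE = re.compile(
    rb'\{\\sp\s*\{\\sn\s+pFragments\s*\}\s*\{\\sv\s*([^}]*)\}',
    re.IGNORECASE | re.DOTALL,
)


def parse_fragment_value(raw: bytes) -> dict:
    """Parse a pFragments \\sv value of the form count;length;hexdata."""
    value = re.sub(rb'\s+', b'', raw)  # strip padding/obfuscating whitespace
    parts = value.split(b';')
    if len(parts) < 3:
        return {'raw_len': len(value), 'data_bytes': 0, 'declared_len': None}
    try:
        declared = int(parts[1])
    except ValueError:
        declared = None
    hexdata = parts[2]
    return {
        'raw_len': len(value),
        'data_bytes': len(hexdata) // 2,  # two hex digits per byte
        'declared_len': declared,
    }


def scan_rtf(data: bytes) -> dict:
    """Scan an RTF blob and report every pFragments property and a verdict."""
    result = {
        # Word's parser is lenient and accepts truncated headers such as {\rt,
        # so the check is deliberately loose.
        'is_rtf': data.lstrip().startswith(b'{\\rt'),
        'findings': [],
    }
    for m in PFRAGMENTS_RE.finditer(data):
        info = parse_fragment_value(m.group(1))
        info['offset'] = m.start()
        info['oversized'] = info['data_bytes'] > MAX_FRAGMENT_BYTES
        result['findings'].append(info)
    hit = any(f['oversized'] for f in result['findings'])
    result['verdict'] = 'CVE-2010-3333 heuristic' if hit else 'clean'
    return result


# Constructed sample inputs (not taken from the analysed file).
BENIGN_RTF = b'{\\rtf1\\ansi{\\shp{\\sp{\\sn pFragments}{\\sv 1;4;01020304}}}}'
OVERSIZED_RTF = (b'{\\rtf1\\ansi{\\shp{\\sp{\\sn pFragments}{\\sv 1;200;'
                 + b'41' * 200 + b'}}}}')

if __name__ == '__main__':
    for name, blob in (('benign', BENIGN_RTF), ('oversized', OVERSIZED_RTF)):
        print(name, scan_rtf(blob))
```

The regex only catches the canonical token layout; real samples frequently split `\sn`/`\sv` across nested groups or interleave unknown control words, so a production detector should tokenize the RTF rather than pattern-match it, which is why a signature-based engine such as ClamAV is listed alongside the heuristic.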