Malicious RTF — malware analysis report

Heuristics 3

• \objupdate forces OLE activation high RTF_OBJUPDATE
  RTF contains \objupdate — forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
• OLE object data medium RTF_OBJDATA
  RTF contains 1 \objdata section(s) — embedded OLE objects
• Embedded OLE object medium RTF_OBJEMB
  RTF contains \objemb — embedded OLE object

Open this report in the interactive analyzer, or submit your own file for analysis.