Malicious RTF — malware analysis report

Static analysis result for SHA-256 d612bedfbead7cbb…

MALICIOUS

RTF

Size: 78.2 KB
First seen: 2026-06-17
MD5: 3f31b19bb42cbfe7fcd2dd138a0ad655
SHA-1: 47d6dcb773ecac0ff79ccdd2d47ee1569625c1e6
SHA-256: d612bedfbead7cbbcbffef26e12811fd9dc4436cc3068f60af3882c87fc5560d
Risk Score: 60

Heuristics (2)

  • \objupdate forces OLE activation (high, RTF_OBJUPDATE)
    RTF contains \objupdate — forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
  • OLE object data (medium, RTF_OBJDATA)
    RTF contains 1 \objdata section(s) — embedded OLE objects

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
objdata_00_off00002004.bin | rtf-objdata-decoded | RTF \objdata at offset 0x2004 | 4251 bytes
SHA-256: aeebe2f2a8ec3b39bace82f6a3c6a52ea9ed387f2d89c44ce20e882008b7cab6