Malicious RTF — malware analysis report

Static analysis result for SHA-256 dbfa530321052ec0…

MALICIOUS

RTF

Size: 440.4 KB  Created: 2010-11-29 16:43:00  First seen: 2015-09-27
MD5: 7acfdbaaba6d65eb7f71f6ee454325aa SHA-1: 299bc7d358904fe95f7140faf361aea266c02ea3 SHA-256: dbfa530321052ec0b4750739cf263be49ebef363bd5e90f8e109fb915273d2cb
Risk score: 62

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The RTF document fires a critical heuristic for CVE-2010-3333, the stack buffer overflow in the Microsoft Office RTF parser's handling of the pFragments shape property (patched in MS10-087). This indicates the file is built to exploit that vulnerability to gain code execution when opened in an unpatched Office version. No other malicious indicators were found; the URLs extracted from the body are XML namespace identifiers carried in embedded metadata, not download or command-and-control addresses. The document body was truncated, preventing further analysis of its specific lure.

Heuristics (2)

  • CVE-2010-3333: pFragments RTF stack overflow (severity: critical; category: CVE; match: exact; id: CVE_2010_3333)
    The RTF shape property pFragments carries an oversized value, matching the trigger for the CVE-2010-3333 stack buffer overflow in the Microsoft Office RTF parser (MS10-087). Word 2002/2003 are the classic targets, but Office 2007 and 2010 were affected as well. Benign documents carry only a few dozen characters in this property; an exploit document pads it with enough data to overrun the fixed-size stack buffer the parser copies it into.
  • Embedded URL (severity: info; id: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL label records which channel (macro, JS, link annotation, document body, ...) reached it. Every URL below is an XML namespace identifier (Adobe XMP, Dublin Core, RDF, DrawingML, WordprocessingML 2003, plus an IEC reference typical of ICC/XMP colour-profile metadata) of the kind carried in the metadata of embedded images and documents; none is a download or command-and-control address.
    • http://ns.adobe.com/xap/1.0/ (in RTF body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in RTF body)
    • http://ns.adobe.com/pdf/1.3/ (in RTF body)
    • http://purl.org/dc/elements/1.1/ (in RTF body)
    • http://ns.adobe.com/xap/1.0/mm/ (in RTF body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# (in RTF body)
    • http://ns.adobe.com/tiff/1.0/ (in RTF body)
    • http://ns.adobe.com/exif/1.0/ (in RTF body)
    • http://ns.adobe.com/photoshop/1.0/ (in RTF body)
    • http://www.iec.ch (in RTF body)
    • http://schemas.openxmlformats.org/drawingml/2006/main (in RTF body)
    • http://schemas.microsoft.com/office/word/2003/wordml (in RTF body)
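The two heuristics above (the oversized pFragments value and the embedded-URL extraction with its channel label) can be reproduced with a small static scanner. The block below is an added example written for this page, not the analysis platform's own detection code or the analysed sample: the 1024-character threshold, the namespace prefix list, the `rtf-body` channel label, the `NO_HIT` verdict string and both sample documents are assumptions, and the oversized sample is filled with zeros rather than any real payload.

```python
import re
from typing import Dict, List

# Assumed threshold (not from the report): benign pFragments values are a few
# dozen characters, while CVE-2010-3333 trigger documents carry thousands of
# hex digits in the \sv value.
PFRAGMENTS_MAX_LEN = 1024

# URL prefixes that are XML namespace / schema identifiers commonly carried in
# the metadata of embedded images and documents (Adobe XMP, Dublin Core, RDF,
# Office Open XML, WordprocessingML, IEC colour-profile references).
METADATA_NAMESPACE_PREFIXES = (
    "http://ns.adobe.com/",
    "http://purl.org/dc/",
    "http://www.w3.org/1999/02/22-rdf-syntax-ns",
    "http://schemas.openxmlformats.org/",
    "http://schemas.microsoft.com/office/",
    "http://www.iec.ch",
)

# {\sp{\sn NAME}{\sv VALUE}} shape-property group. RTF permits whitespace and
# line breaks between tokens, so every separator is matched with \s*.
SHAPE_PROP_RE = re.compile(
    rb"\{\s*\\sp\s*\{\s*\\sn\s+([A-Za-z0-9]+)\s*\}\s*\{\s*\\sv\s+([^}]*)\}\s*\}"
)

# Plain-text URL in the RTF body; a backslash or brace ends the token because
# it starts the next RTF control word or group.
URL_RE = re.compile(rb"https?://[^\s\\{}\"'<>]+")


def find_pfragments(rtf: bytes) -> List[Dict]:
    """Return every pFragments shape property with its value length and
    whether that length exceeds the assumed trigger threshold."""
    findings = []
    for m in SHAPE_PROP_RE.finditer(rtf):
        name, value = m.group(1), m.group(2).strip()
        if name.lower() != b"pfragments":
            continue
        findings.append({
            "offset": m.start(),
            "length": len(value),
            "oversized": len(value) > PFRAGMENTS_MAX_LEN,
        })
    return findings


def extract_urls(rtf: bytes) -> List[Dict]:
    """Extract unique plain-text URLs and label known namespace identifiers."""
    seen, out = set(), []
    for m in URL_RE.finditer(rtf):
        url = m.group(0).decode("latin-1")
        if url in seen:
            continue
        seen.add(url)
        label = ("metadata-namespace" if url.startswith(METADATA_NAMESPACE_PREFIXES)
                 else "unclassified")
        out.append({"url": url, "channel": "rtf-body", "label": label})
    return out


def scan(rtf: bytes) -> Dict:
    """Combine both heuristics into a verdict in the style of the report."""
    frags = find_pfragments(rtf)
    urls = extract_urls(rtf)
    heuristics = []
    if any(f["oversized"] for f in frags):
        heuristics.append("CVE_2010_3333")
    if urls:
        heuristics.append("EMBEDDED_URL")   # informational only, never a verdict
    verdict = "MALICIOUS" if "CVE_2010_3333" in heuristics else "NO_HIT"
    return {"verdict": verdict, "heuristics": heuristics,
            "pfragments": frags, "urls": urls}


# Constructed sample documents (not the analysed file). The first carries a
# normal-sized pFragments value plus namespace URLs in the body; the second
# has the oversized-value shape of a CVE-2010-3333 trigger, filled with zeros.
SAMPLE_BENIGN = (
    b"{\\rtf1\\ansi Namespaces: http://ns.adobe.com/xap/1.0/ "
    b"http://purl.org/dc/elements/1.1/ http://www.w3.org/1999/02/22-rdf-syntax-ns# "
    b"{\\shp{\\*\\shpinst{\\sp{\\sn fillColor}{\\sv 16777215}}"
    b"{\\sp{\\sn pFragments}{\\sv 1;4;0100000001000000}}}}\\par}"
)
SAMPLE_OVERSIZED = (
    b"{\\rtf1\\ansi{\\shp{\\*\\shpinst{\\sp{\\sn pFragments}{\\sv 1;4;"
    + b"00" * 2000
    + b"}}}}\\par http://example.invalid/next-stage}"
)

if __name__ == "__main__":
    for label, doc in (("benign", SAMPLE_BENIGN), ("oversized", SAMPLE_OVERSIZED)):
        r = scan(doc)
        print(label, r["verdict"], r["heuristics"],
              [(f["length"], f["oversized"]) for f in r["pfragments"]],
              [(u["url"], u["label"]) for u in r["urls"]])
```

Two caveats a practitioner should keep in mind. First, the Office RTF parser is tolerant, so in-the-wild trigger documents often obfuscate the property (control-word noise, line breaks inside the value, nested ignorable groups); a production scanner should normalise the RTF before running a regex like this, and the length threshold is a trade-off between missing small triggers and flagging unusual but benign shapes. Second, the URL heuristic is deliberately informational: namespace identifiers from embedded metadata appear in vast numbers of clean documents, which is why this report assigns them no weight in the verdict.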