MALICIOUS
102
Risk Score
Heuristics 4
-
ClamAV: Doc.Exploit.DDEautoexec-6346603-1 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Exploit.DDEautoexec-6346603-1
-
OLE object data medium RTF_OBJDATARTF contains 10 \objdata section(s) — embedded OLE objects
-
Embedded OLE object medium RTF_OBJEMBRTF contains \objemb — embedded OLE object
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.microsoft.com/office/word/2003/wordml In RTF body
Extracted artifacts 10
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
objdata_00_off000035bf.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x35BF | 19505 bytes |
SHA-256: a4035b6afdb8473ddbc4306c5a6f8eef058b4ca964e773a198489581689fee1f |
|||
objdata_01_off0000eae0.bin |
rtf-objdata-decoded | RTF \objdata at offset 0xEAE0 | 19505 bytes |
SHA-256: 67880ab3474462f386fe05c4999c5dacea97c1c8ad095f379ddb863519097011 |
|||
objdata_02_off0001a001.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x1A001 | 19505 bytes |
SHA-256: 2911db357a27ecdc95a453eb8b9127bc7b83910468718ca4030f08c634eed135 |
|||
objdata_03_off00025522.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x25522 | 19505 bytes |
SHA-256: a92fabd6776d2e1bcb5ce3b27f16c7a0d4ed1faffb9e0e5cc8687868e3c3a51c |
|||
objdata_04_off00030a43.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x30A43 | 19505 bytes |
SHA-256: 6d847011c4cc0ccbd5537cf6918fb66b59b69c06ff68615d9c11829e4ea0454c |
|||
objdata_05_off0003bf64.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x3BF64 | 19505 bytes |
SHA-256: 6d999c7103aa866b0259164c2f54ed47162e93e58a5c2b29ce275e0d645c789f |
|||
objdata_06_off00047485.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x47485 | 19505 bytes |
SHA-256: b27b2fee54eb6460dadd98aed1f5e0f364f4f575d84232a0b02ef1519f03065e |
|||
objdata_07_off000529a6.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x529A6 | 19505 bytes |
SHA-256: 35ad3dce30e634d70e12b177b31669e0739a7a3ee4ab9ab9c00f0ed86ce95160 |
|||
objdata_08_off0005dec5.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x5DEC5 | 19505 bytes |
SHA-256: 309b91a077caabd08544a17039981b2306cadb76b9e8c22bccadef66e416355b |
|||
objdata_09_off000693e6.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x693E6 | 19505 bytes |
SHA-256: 30019e95d42a8b0441b9bbc2bf9a2407d8976de7bf3862e3700d8ac2e02d2042 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.