Malicious RTF / .DOCX — malware analysis report

Static analysis result for SHA-256 f5f9e268734b4483…

MALICIOUS

RTF / .DOCX

Size: 70.1 KB
Created: 2010-12-06 10:26:00
Authoring application: Microsoft Word 11.0.5604
MD5: a19a0996923933a1c32a72d770f47857
SHA-1: 49b863f6c729b94e748f1a3763fa8c662d53ca36
SHA-256: f5f9e268734b4483061590e5a9f520b831ddb79cc5b0d0db0b9ad2b43c27c698
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an RTF document that triggers a critical heuristic for CVE-2010-3333, a known stack-based buffer overflow vulnerability. This indicates the file is designed to exploit this vulnerability for code execution when the document is opened.

Heuristics (2)

  • CVE-2010-3333 — pFragments RTF stack overflow (severity: critical; type: CVE; match: exact; id: CVE_2010_3333)
    RTF shape property pFragments has an oversized value, matching the CVE-2010-3333 stack-overflow trigger in Microsoft Word 2002/2003.
  • ClamAV: BC.Legacy.Exploit.CVE_2010_3333-5 (severity: critical; type: CLAMAV_DETECTION)
    ClamAV detected this file as malware: BC.Legacy.Exploit.CVE_2010_3333-5