RTF malware analysis — malicious · f6ad201d65b349b0

MALICIOUS

RTF

203.0 KB Created: 2015-11-17 15:29:00 First seen: 2020-12-25

MD5: 5882a8dd4446abd137c05d2451b85fea SHA-1: 512bdfe937314ac3f195c462c395feeb36932971 SHA-256: f6ad201d65b349b022f2ce4e4d436828b72eaa8c299e9924e51ee72f7c3257c0

62 Risk Score

Heuristics 3

URL Moniker in RTF OLE object high CVE related RTF_URL_MONIKER_RELATED

RTF contains a URL Moniker GUID in OLE object context, but no decoded remote target was confirmed. Treat as related OLE2Link attack-surface evidence rather than proof of CVE-2017-0199 exploitation.
OLE object data medium RTF_OBJDATA

RTF contains 1 \objdata section(s) — embedded OLE objects
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://schemas.microsoft.com/office/word/2003/wordml}{ In RTF body
- http://www.adobe.com/2006/flex/mx/internalIn RTF body
- http://adobe.com/AS3/2006/builtinIn RTF body

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`objdata_00_off0000b313.bin`	rtf-objdata-decoded	RTF \objdata at offset 0xB313	6902 bytes
SHA-256: `8543cf311d74d80ab3fd876d407e30805f5fec4d960ecc40a94db15def1b79f6`

Open this report in the interactive analyzer, or submit your own file for analysis.