Malicious RTF / .JPG — malware analysis report

Static analysis result for SHA-256 f9d2fec61a419106…

MALICIOUS

RTF / .JPG

80.2 KB Authoring application: Msftedit 5.41.15.1515
MD5: ec56069f85753346c6203a48eac5bda7 SHA-1: eeb4add220b6dbdf8e0c59bcb716e47563fc4d20 SHA-256: f9d2fec61a419106b081238cf9b5c8ba126c0d6918b0eb6a48e5a70d422ae222
140 Risk Score

Malware Insights

MITRE ATT&CK
T1559.002 Component Object Model Hijacking T1204.002 Malicious File

The RTF file contains embedded OLE object data, specifically identified as a package object. Within this data, a PE header (MZ) was detected in hex, indicating the presence of an executable. This suggests the RTF is a container designed to deliver a malicious executable to the user.

Heuristics 4

  • PE header (with DOS stub) in hex data critical RTF_MZ_HEX
    Hex-encoded PE (MZ + DOS stub) found inside RTF — likely an embedded executable payload
  • Package object class high RTF_OBJCLASS_PACKAGE
    OLE Package object — can wrap arbitrary files
  • OLE object data medium RTF_OBJDATA
    RTF contains 1 \objdata section(s) — embedded OLE objects
  • Embedded OLE object medium RTF_OBJEMB
    RTF contains \objemb — embedded OLE object

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
objdata_00_off000000cf.bin
b20affe88745a982c54c191b173bb4f71725089bf9c8d0dda27495941f7685c1		 rtf-objdata-decoded RTF \objdata at offset 0xCF 36160 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.