popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

rovezx.doc

MS_RTF_Obfuscation_Objects doc RTF File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 9, 2023, 4:57 p.m. Aug. 9, 2023, 5:04 p.m.
Size 61.3KB
Type Rich Text Format data, version 1, unknown character set
MD5 4c86d493d7393a80dc6638a810daed30
SHA256 5476cf76d600ffb3bf95b400e39db13fd17acb405acd1216cbe8bcaaa0f5c5cd
CRC32 C16E24A8
ssdeep 1536:FwAlRYcUVEICMCxPAie7tHHi4wviOEAYeV:FwAlSWIDQAie7tHHi4yiOEAnV
Yara
  • Rich_Text_Format_Zero - Rich Text Format Signature Zero
  • SUSP_INDICATOR_RTF_MalVer_Objects - Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents.

Name Response Post-Analysis Lookup
agent.servegame.com
A 192.154.229.70
192.154.229.70
IP Address Status Action
164.124.101.2 Active Moloch
192.154.229.70 Active Moloch
194.55.224.13 Active Moloch
64.188.25.4 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
OleCreateEmbeddingHelper+0x2a1 CreateFileMoniker-0x17de ole32+0x81414 @ 0x74741414
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f8115d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f81155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3755760
registers.edi: 1953561104
registers.eax: 3755760
registers.ebp: 3755840
registers.edx: 0
registers.ebx: 6292676
registers.esi: 2147944126
registers.ecx: 367564440
1 0 0

__exception__

 stacktrace: 
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
CoRegisterMessageFilter+0x5048 ObjectStublessClient5-0x21 ole32+0x3b641 @ 0x746fb641
CoRegisterMessageFilter+0x4ff4 ObjectStublessClient5-0x75 ole32+0x3b5ed @ 0x746fb5ed
CoRegisterMessageFilter+0x4b79 ObjectStublessClient5-0x4f0 ole32+0x3b172 @ 0x746fb172
CoRegisterMessageFilter+0x4075 ObjectStublessClient5-0xff4 ole32+0x3a66e @ 0x746fa66e
ObjectStublessClient31+0x2961c STGMEDIUM_UserUnmarshal-0x92 ole32+0xba68c @ 0x7477a68c
ObjectStublessClient31+0x6776 STGMEDIUM_UserUnmarshal-0x22f38 ole32+0x977e6 @ 0x747577e6
OleCreateEmbeddingHelper+0x344 CreateFileMoniker-0x173b ole32+0x814b7 @ 0x747414b7
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f8115d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f81155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3755452
registers.edi: 1953561104
registers.eax: 3755452
registers.ebp: 3755532
registers.edx: 0
registers.ebx: 6292892
registers.esi: 2147944122
registers.ecx: 367564440
1 0 0
suspicious_features Connection to IP address suspicious_request GET http://194.55.224.13/_errorpages/rove.exe
suspicious_features Connection to IP address suspicious_request GET http://64.188.25.4/gnTHyJvVqELjdK41.bin
domain agent.servegame.com
request GET http://194.55.224.13/_errorpages/rove.exe
request GET http://64.188.25.4/gnTHyJvVqELjdK41.bin
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x65001000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6e201000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x058f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x058f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05900000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05910000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6e141000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6e144000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x507c1000
process_handle: 0xffffffff
1 0 0
Application Crash Process WINWORD.EXE with pid 2548 crashed
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
OleCreateEmbeddingHelper+0x2a1 CreateFileMoniker-0x17de ole32+0x81414 @ 0x74741414
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f8115d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f81155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3755760
registers.edi: 1953561104
registers.eax: 3755760
registers.ebp: 3755840
registers.edx: 0
registers.ebx: 6292676
registers.esi: 2147944126
registers.ecx: 367564440
1 0 0

__exception__

 stacktrace: 
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
CoRegisterMessageFilter+0x5048 ObjectStublessClient5-0x21 ole32+0x3b641 @ 0x746fb641
CoRegisterMessageFilter+0x4ff4 ObjectStublessClient5-0x75 ole32+0x3b5ed @ 0x746fb5ed
CoRegisterMessageFilter+0x4b79 ObjectStublessClient5-0x4f0 ole32+0x3b172 @ 0x746fb172
CoRegisterMessageFilter+0x4075 ObjectStublessClient5-0xff4 ole32+0x3a66e @ 0x746fa66e
ObjectStublessClient31+0x2961c STGMEDIUM_UserUnmarshal-0x92 ole32+0xba68c @ 0x7477a68c
ObjectStublessClient31+0x6776 STGMEDIUM_UserUnmarshal-0x22f38 ole32+0x977e6 @ 0x747577e6
OleCreateEmbeddingHelper+0x344 CreateFileMoniker-0x173b ole32+0x814b7 @ 0x747414b7
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f8115d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f81155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 3755452
registers.edi: 1953561104
registers.eax: 3755452
registers.ebp: 3755532
registers.edx: 0
registers.ebx: 6292892
registers.esi: 2147944122
registers.ecx: 367564440
1 0 0
file C:\Users\test22\AppData\Local\Temp\~$rovezx.doc
Time & API Arguments Status Return Repeated

NtCreateFile

 create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x000003f4
filepath: C:\Users\test22\AppData\Local\Temp\~$rovezx.doc
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$rovezx.doc
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
1 0 0
filetype_details Rich Text Format data, version 1, unknown character set filename rovezx.doc
host 194.55.224.13
host 64.188.25.4
dead_host 192.154.229.70:20911
Lionic Trojan.MSOffice.CVE-2018-0802.4!c
MicroWorld-eScan Exploit.RTF-ObfsObjDat.Gen
FireEye Exploit.RTF-ObfsObjDat.Gen
CAT-QuickHeal Exp.RTF.Obfus.Gen
McAfee RTFObfustream.c!4C86D493D739
Sangfor Malware.Generic-RTF.Save.8d852815
Arcabit Exploit.RTF-ObfsObjDat.Gen
Cyren RTF/CVE-2017-11882.U.gen!Camelot
Symantec Exp.CVE-2017-11882!g6
Cynet Malicious (score: 99)
Kaspersky HEUR:Exploit.MSOffice.CVE-2018-0802.gen
BitDefender Exploit.RTF-ObfsObjDat.Gen
Tencent Office.Exploit.Cve-2018-0802.Uwhl
Sophos Troj/RTFDl-CKM
F-Secure Heuristic.HEUR/Rtf.Malformed
DrWeb Exploit.CVE-2018-0798.4
VIPRE Exploit.RTF-ObfsObjDat.Gen
TrendMicro HEUR_RTFMALFORM
McAfee-GW-Edition BehavesLike.BadFile.kx
Emsisoft Exploit.RTF-ObfsObjDat.Gen (B)
Ikarus Exploit.CVE-2017-11882
Avira HEUR/Rtf.Malformed
Microsoft Exploit:O97M/CVE-2017-11882.RVCF
ZoneAlarm HEUR:Exploit.MSOffice.CVE-2018-0802.gen
GData Exploit.RTF-ObfsObjDat.Gen
Google Detected
AhnLab-V3 OLE/Cve-2018-0798.Gen
ALYac Exploit.RTF-ObfsObjDat.Gen
Zoner Probably Heur.RTFObfuscation
Rising Exploit.CVE-2017-11882!1.E8F8 (CLASSIC)
MAX malware (ai score=84)
Fortinet MSOffice/CVE_2018_0798.BOR!exploit