rtfdump is a tool I developed to help me analyze (malicious) RTF files. If you just want to extract embedded objects from RTF files, you can use rtfobj. But if you want to perform more analysis, you can use rtfdump. For example, it supports YARA rules.

To familiarize you with rtf files and their analysis, I made 3 videos.

An intro video.

A video analyzing RTF maldoc (MD5 07884483f95ae891845caf0d50ce507f) that contains an exploit for MS12-027 CVE-2012-0158.

And a video analyzing RTF maldoc (MD5 4483ad299158eb54f6ff58b5346a36ee) that contains an exploit for MS10-087 CVE-2010-3333.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com


677 Posts
ISC Handler
Aug 6th 2016

Sign Up for Free or Log In to start participating in the conversation!