Win.Trojan.Cap-1 — Office (OLE) / .DOC malware analysis

Static analysis result for SHA-256 03ec8d641d3e1871…

MALICIOUS

Office (OLE) / .DOC

Size: 162.5 KB
Created: 1997-07-08 16:34:00
Authoring application: Microsoft Word 6.0
MD5: 8b0c317ae4a53807689c6da454dbd7ab
SHA-1: 7a66921f185a85c13c000c8a6b34e994c8ab6c9d
SHA-256: 03ec8d641d3e187138fbf0bc0847c7a2423a7821a9da7ef3f937e42f9aa44f85
Risk Score: 100

Malware Insights

Win.Trojan.Cap-1 · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Win.Trojan.Cap-1. Static analysis revealed a large slack space anomaly within the OLE structure, often indicative of packed or obfuscated malicious code. The document body content appears to be technical text related to numerical methods, which may serve as a lure to distract from the malicious payload.

Heuristics (2)

  • ClamAV: Win.Trojan.Cap-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Cap-1
  • OLE document has large unaccounted-for region (high, OLE_SLACK_ANOMALY)
    The OLE file is 166,400 bytes, but its declared streams total only 73,871 bytes; the remaining 92,529 bytes (56%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).