Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 044375eeafb0b706…

MALICIOUS

Office (OLE)

32.3 KB Created: 2012-11-23 04:35:00 Authoring application: Microsoft Office Word First seen: 2015-10-13
MD5: bee6ca093f0f2cdbd27969e9f4f1d9a0 SHA-1: 25d53c1e6f763969a8794dc8e8a89bb2b249e049 SHA-256: 044375eeafb0b70668033088e4fe3d57604ca989752066d5e88ca56bb7f40464
142 Risk Score

Heuristics 4

  • MSCOMCTL.Toolbar — CVE-2012-0158 / CVE-2012-1856 high CVE likely CVE_2012_1856
    MSCOMCTL.Toolbar — CVE-2012-0158 / CVE-2012-1856
  • ClamAV: Doc.Exploit.Agent-1388627 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Exploit.Agent-1388627
  • NOP sled detected high SC_NOP_SLED
    Found 20+ consecutive 0x90 bytes
    Disassembly hidden — these bytes score as data, not coherent x86 code (1/1 branch targets land on an instruction boundary (100% coherence)).
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Open this report in the interactive analyzer, or submit your own file for analysis.