Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 057b91bd43d230a9…

MALICIOUS

Office (OLE) / .DOC

Size: 148.5 KB
Created: 1997-04-08 16:17:00
Authoring application: Microsoft Word for Windows 95
MD5: fa8b8ba6b1a734c43c6905f9afee993c
SHA-1: 767cf784ed7d82e6984f1b29bd655b8a6188dc88
SHA-256: 057b91bd43d230a9c6540995bd8ee70899a3eb99cdb39eecd9e21b0d59a34934
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a Microsoft Word 95 document that exploits CVE-2017-0261/0262 via the EPS image filter. These vulnerabilities allow arbitrary code execution when the document is opened. No document body content or scripts were available for further analysis, but the heuristic firing strongly indicates a client-side exploit.

Heuristics (1)

  • CVE-2017-0261/0262 — EPS image filter in OLE document | critical | CVE related | CVE_2017_0261
    Document references EPSIMP32 (EPS image filter) or contains PostScript — CVE-2017-0261 and CVE-2017-0262 exploit the Windows EPS image filter to achieve arbitrary code execution; used in targeted APT campaigns