Office (OLE) malware analysis — malicious · 06b7504402822fb9

MALICIOUS

Office (OLE)

143.0 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: cd969da4bd47e4e97ccaf6957132dff9 SHA-1: da5b8a868741d3990db21b0aa9792d9e8afa0c16 SHA-256: 06b7504402822fb9263ca05c7f5574b1109678455c1f562374fc705b3f3b3c78

80 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution

The sample exhibits high-risk heuristics related to PEB access and a large amount of slack space within the OLE structure, indicative of obfuscation or embedded malicious content. While no document body or scripts were clearly extracted, these indicators suggest the file is designed to exploit a client vulnerability to execute further malicious code.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 146,432 bytes but its declared streams total only 16,486 bytes — 129,946 bytes (89%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.