Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 14d448236ee3ba5d…

MALICIOUS

Office (OLE) / .DOC

Size: 96.5 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: fbbee2af7bd31bcdaf59775a7c2f450e
SHA-1: 0acfad834fdbfcca6d2662ee011edff1443c640a
SHA-256: 14d448236ee3ba5d2c85aed5f5a93783219b9119c346f657070ac10bf8e1dac3
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a Microsoft Word document that triggers a critical heuristic for CVE-2006-6456, indicating exploitation of a malformed table SPRM vulnerability. This vulnerability allows for arbitrary code execution within the context of the application. No document body or scripts were extracted, limiting further analysis of the payload.

Heuristics (1)

  • CVE-2006-6456 — Microsoft Word malformed table SPRM [critical] [CVE] [exact] [CVE_2006_6456]
    WordDocument contains a malformed table border-color SPRM in the CVE-2006-6456 shape: a valid table-SPRM cluster is followed by an invalid high-byte 0xFF SPRM where Word expects a normal sprmTBrc*Cv record. Vulnerable Word 2000/2002/2003 parsers corrupt memory while handling this malformed data structure.