Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 18c60472c3ad54a4…

MALICIOUS

Office (OLE)

Size: 117.5 KB
Created: 2012-05-09 04:29:00
Authoring application: Microsoft Office Word
First seen: 2014-03-15
MD5: b25684e320f5357f85aa3d1146953d2d
SHA-1: b506e371401fac40fd01a92080752cb7adefcc3d
SHA-256: 18c60472c3ad54a4dffb18df057c9475be8e1c843f72c4570eacca37c98232e3
Risk Score: 200

Heuristics (4)

  • MSCOMCTL.ListView — CVE-2012-0158 | high | CVE likely | CVE_2012_0158
    MSCOMCTL.ListView — CVE-2012-0158
  • ClamAV: Doc.Dropper.Agent-7145911-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-7145911-0
  • XOR-encoded strings (key 0xE6) | critical | SC_XOR_ENCODED
    Found 1 Windows library/API name(s) XOR-encoded with single-byte key 0xE6: 'shlwapi.dll'
    Disassembly hidden — these bytes score as data, not coherent x86 code (1/1 branch targets land on an instruction boundary (100% coherence)).
  • NOP sled detected | high | SC_NOP_SLED
    Found 20+ consecutive 0x90 bytes
    Disassembly hidden — these bytes score as degenerate, not coherent x86 code (single mnemonic 'add' is 62% of instructions — a sled or padding/filler run, not program logic).