Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 1948bf78bc57607c…

MALICIOUS

Office (OLE) / .PPT

Size: 921.5 KB
Created: 2008-01-27 01:25:33
Authoring application: Microsoft PowerPoint
MD5: e8e66e4a9d70bde3251e81d54d3d3a9e
SHA-1: 99e03cee06ceac9c612f1e3eb4d2dac804818661
SHA-256: 1948bf78bc57607c4682b95fd52da16da3f6b0e795aeab74c301b94bacc2a1a5
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV with the signature Ppt.Exploit.Apptom-10029459-0, indicating it exploits a known vulnerability in Microsoft PowerPoint. Although VBA macros could not be extracted due to an unsupported format, the ClamAV detection strongly suggests an exploit is present. The document body contains garbled text, offering no further clues to the specific lure.

Heuristics (2)

  • ClamAV: Ppt.Exploit.Apptom-10029459-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Ppt.Exploit.Apptom-10029459-0
  • Unsupported Office format for VBA extraction (severity: info, rule: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (error); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.