Office (OLE) / .DOC malware analysis — malicious · 19d31c57e660c9ac

MALICIOUS

Office (OLE) / .DOC

154.5 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: 8851e4d60f0c70be555acd23ea7cc663 SHA-1: b15665ffc58eb6cffda1ee30b5ff4835ea6226b3 SHA-256: 19d31c57e660c9acd4100002c8650001b234ca6016c73da5e775993bfa459e3e

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file exhibits characteristics of a malicious document, including a significant amount of slack space and a detected NOP sled, which are often used to obfuscate malicious payloads. While no specific document body content or scripts were clearly extracted for analysis, these structural anomalies strongly suggest an exploit attempt. The lack of clear script content or document body text limits the ability to determine the exact family or precise attack vector.

Heuristics 2

NOP sled detected high SC_NOP_SLED

Found 20+ consecutive 0x90 bytes
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 158,216 bytes but its declared streams total only 16,486 bytes — 141,730 bytes (90%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.