Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 1adcd872205cff67…

MALICIOUS

Office (OLE) / .DOC

Size: 58.5 KB | Created: 2010-04-09 10:48:00 | Authoring application: Microsoft Office Word
MD5: 3498a29c1f13fad824c118b4e9805282
SHA-1: f41c98b1fc56bc127caec6f54ce9b41c10325034
SHA-256: 1adcd872205cff67ee48cd6a453fe156689e7da373063af74027ce14b7ea03de
Risk Score: 162

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is a malicious OLE document containing an embedded package named 'ole10native_00.bin'. Heuristics indicate potential exploitation of CVE-2026-21514 and references to Windows API functions such as VirtualAlloc, VirtualProtect, LoadLibrary, and GetProcAddress, suggesting the embedded object is designed to load and execute malicious code. Confidence is moderate because no script content was recovered to confirm the exact execution flow.

Heuristics (6)

  • OLE with Ole10Native — possible CVE-2026-21514 exploitation [severity: high, CVE likely] (rule: CVE_2026_21514)
    Document contains a Word OLE object with Ole10Native plus executable, PE, or risky remote-link indicators. CVE-2026-21514 exploits OLE metadata validation; this stronger structural combination is treated as likely exploitation.
  • Reference to LoadLibrary API [severity: high] (rule: SC_STR_LOADLIBRARY)
    Reference to LoadLibrary API
  • Reference to GetProcAddress API [severity: high] (rule: SC_STR_GETPROCADDRESS)
    Reference to GetProcAddress API
  • Reference to VirtualAlloc API [severity: medium] (rule: SC_STR_VIRTUALALLOC)
    Reference to VirtualAlloc API
  • Reference to VirtualProtect API [severity: medium] (rule: SC_STR_VIRTUALPROTECT)
    Reference to VirtualProtect API
  • Suspicious extracted artifact [severity: info] (rule: EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: ole10native_00.bin
SHA-256: a89d0c0212e88622ae23484ea954cc127b740511258526b5960b4fd6cd62c1ba
Kind: ole-package
Source: OLE Ole10Native stream: ObjectPool/_1332337678/Ole10Native
Size: 43627 bytes
Detection:
  ClamAV: No threats found
  Obfuscation or payload: likely
  Carved artifact entropy is 7.64, consistent with packed or encrypted content.