Office (OLE) / .DOC malware analysis — malicious · 1b1526abe9646b44

MALICIOUS

Office (OLE) / .DOC

99.4 KB Created: 2009-05-15 02:00:00 Authoring application: Microsoft Word 9.1

MD5: 3f8eadaa103148ba958d7629af00e777 SHA-1: 06f5a59f0b3558e591200e9bd97079d93392c735 SHA-256: 1b1526abe9646b44813e79b5a16000f9b9666dc6492a3b9a9d8be2ddd0a15f68

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file is identified as malicious due to high-severity heuristics indicating malformed OLE structures and a large slack space anomaly. These indicators suggest the document may be intentionally crafted to evade detection or exploit parsing vulnerabilities. No specific attack pattern or malware family can be confidently determined from the available evidence.

Heuristics 2

x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALL

x86 GetPC stub (CALL $+5; POP EDI)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 101,759 bytes but its declared streams total only 8,934 bytes — 92,825 bytes (91%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.