Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 1cf30f8b1411be41…

MALICIOUS

Office (OLE) / .DOC

73.0 KB
MD5: b60770a356f2e4a51f225a0f2824d5c8
SHA-1: c396a77da40514efd2c19761326f041a65efe712
SHA-256: 1cf30f8b1411be41f419d615d1a4b4a707048aff2622bf366b5a051ab2722a7e

Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a Microsoft Word document that triggers the CVE-2006-2492 vulnerability. This exploit allows for arbitrary code execution within the context of the vulnerable Word application. No further details on the payload or delivery mechanism were extracted.

Heuristics (1)

  • CVE-2006-2492 — Microsoft Word malformed object pointer exploit [critical] [CVE] [likely] [CVE_2006_2492]
    Word OLE document has the CVE-2006-2492-era exploit shape: malformed compound-file object pointers and an impossible WordDocument stream size drive parser divergence, while unreferenced sectors contain rotate-decoded Win32 shellcode that removes Word Resiliency/StartupItems registry keys.