Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 1e7d69c9f0e49815…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 30.0 KB
Created: 1998-09-09 12:09:00
Authoring application: Microsoft Word 6.0
MD5: 2cab37f2dde7a50ea56aebe74e06c14d
SHA-1: e594316c715d9246e0746ba226c04e613bd7df0f
SHA-256: 1e7d69c9f0e4981525098c1b5f7944462d3c8e3fb318ae7fece9e35a6a80a5d7
Risk score: 100

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is detected as Win.Trojan.Cap-1 by ClamAV, indicating malicious intent. The document body discusses legal repercussions for undocumented work in Israel, which appears to be a social engineering lure. The OLE slack anomaly suggests potential obfuscation or embedded malicious content. No scripts were extracted from this sample.

Heuristics (2)

  • ClamAV: Win.Trojan.Cap-1 (severity: critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Cap-1.
  • OLE document has a large unaccounted-for region (severity: high, OLE_SLACK_ANOMALY)
    The OLE file is 30,720 bytes, but its declared streams total only 14,208 bytes; the remaining 16,512 bytes (54%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).