Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 215da4aa3f523a6f…

MALICIOUS

Office (OLE)

Size: 30.5 KB
Created: 1998-05-04 16:40:00
Authoring application: Microsoft Word for Windows 95
MD5: 9c373550152f905b12f79968fd0c4139
SHA-1: 8298536b3e7cd00b858c445c44050f134fc653d3
SHA-256: 215da4aa3f523a6f756efe274ec9da402157efcdd5f63f992db93d5279b5805d
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The file is identified as malicious by ClamAV with the signature Win.Trojan.Cap-1. The OLE slack space anomaly suggests potential obfuscation or embedded malicious content. The document body appears to be a project description, likely a lure to encourage the user to open and interact with the malicious content.

Heuristics (2)

  • ClamAV: Win.Trojan.Cap-1 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Cap-1
  • OLE document has large unaccounted-for region [high, OLE_SLACK_ANOMALY]
    The OLE file is 31,232 bytes, but its declared streams total only 13,626 bytes; the remaining 17,606 bytes (56%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).