Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 245ff596d4b64674…

MALICIOUS

Office (OLE) / .PPT

Size: 79.0 KB
Created: 1601-01-01 00:00:00
Authoring application: Microsoft PowerPoint
First seen: 2026-05-16
MD5: 72df736369110e706e12db11e1c6a92f
SHA-1: d7c3e56bb4b2268580f666507d45b7c6aa83ec91
SHA-256: 245ff596d4b6467420cd488dbc7f6fa098ef4bd6996b035b0dc62d8a90c55a28
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1204.002 Malicious Link: Malicious File

The sample is a PowerPoint file that triggers a critical heuristic indicating exploitation of CVE-2006-3877, a vulnerability related to malformed records in PowerPoint files. VBA macros could not be extracted due to an unsupported format, but the presence of this exploit suggests the file is designed to deliver a malicious payload upon opening. The embedded URL heuristic further supports the likelihood of a delivery mechanism.

Heuristics (1)

  • CVE-2006-3877 — PowerPoint malformed record payload (critical, CVE, likely, CVE_2006_3877)
    The PowerPoint OLE file declares a malformed, large numbered Table stream that cannot be read through the CFB chain, while the carved stream bytes contain an encoded shellcode payload. This is the static shape of the PowerPoint malformed-record exploit family fixed as CVE-2006-3877.