Office (OOXML) malware analysis — malicious · 28d61d2ec012f323

MALICIOUS

Office (OOXML)

384.0 KB Authoring application: Microsoft Office PowerPoint 12.0000 First seen: 2021-01-23

MD5: 8731f1171de6f68a79039220f28da9e4 SHA-1: 6194aaf1142568352f21390f8a9dfc7eb5f0ad1b SHA-256: 28d61d2ec012f3239af1f5318e5a7493dc4a2a5f43702eac7cbbb930681633d8

60 Risk Score

Heuristics 2

Ole10Native package carries executable/script file type high OFFICE_PACKAGE_RISKY_FILE

OLE Package displayName or fullPath ends in an executable or script-capable extension. Even without UI extension spoofing, embedding a runnable payload inside an Office document is a high-risk delivery pattern.
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin`	ooxml-ole-object	OOXML embedded OLE part: ppt/embeddings/olee.bin	3072 bytes
SHA-256: `831182a43abba5008a2833fcc459d2c919980dd341d0fe9d1dcfa05a55ea118b`
`ooxml_oleobject_00_ole10native_00.bin`	ole-package	OOXML ppt/embeddings/olee.bin Ole10Native stream: Ole10NATIVE	556 bytes
SHA-256: `86dc517eb8624602f1acd37e96e34a83e09e421703b924c21da58d5d934f3501`

Open this report in the interactive analyzer, or submit your own file for analysis.