Office (OLE) / .DOC malware analysis — malicious · 2a198e78a4441ba0

MALICIOUS

Office (OLE) / .DOC

127.1 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: 34af52286098c65a01dd7f7d05d8fe48 SHA-1: dadb23a6735d91abb9f9a212213a7e984e1b21cb SHA-256: 2a198e78a4441ba024766ae51019ede0d44f662103bd4981b32e3c357c40b917

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file is a malicious OLE document exhibiting a large slack space anomaly, suggesting hidden or packed content. The PEB access heuristic indicates potential anti-analysis or evasion techniques. While no explicit script was extracted, the document structure and heuristics suggest it's designed to exploit a vulnerability, likely to download and execute a second-stage payload. The SHA256 hash is included as a primary IOC.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 130,112 bytes but its declared streams total only 16,486 bytes — 113,626 bytes (87%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.