Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 2b889b00cb7e5f09…

MALICIOUS

Office (OLE) / .DOC

Size: 147.0 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: 132ad5fdadb6144f408afc3353315ec8
SHA-1: 500e1f13f8796dae04bbfa2e3ec477e4ee2fdfd6
SHA-256: 2b889b00cb7e5f0973a919f412f38c22c8a0d17239a6590d246aa14c269c25ac
Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1218 System Binary Proxy Execution (formerly named Signed Binary Proxy Execution)
  • T1071 Application Layer Protocol: Web Protocols

Two high-severity heuristics fired on string references to the LoadLibrary and GetProcAddress APIs, a pairing typical of code that resolves imports at run time and then loads a payload. These are string matches (the SC_STR_ rule family), not observed calls, so they point to a loader or downloader stage without proving one on their own. The document body is heavily obfuscated, so its user-facing content could not be determined. No scripts (macros or embedded JavaScript) were extracted, which means the PowerShell and proxy-execution ATT&CK mappings above are not backed by evidence in this static report and should be treated as provisional until the sample is detonated. The only URL extracted, http://schemas.openxmlformats.org/drawingml/2006/main, is the Office Open XML DrawingML namespace identifier, not a network destination, and is benign. Its presence does indicate that the file was last saved by Office 2007 or later, which does not match the Word 9.0 (Word 2000) authoring application and 2001 creation time recorded in the metadata; treat those metadata fields as unreliable if sample provenance matters.

Heuristics (3)

  • SC_STR_LOADLIBRARY (high): Reference to LoadLibrary API
    The string "LoadLibrary" occurs in the file. This is a text match, not an observed call; it is significant mainly in combination with GetProcAddress.
  • SC_STR_GETPROCADDRESS (high): Reference to GetProcAddress API
    The string "GetProcAddress" occurs in the file. Together with LoadLibrary this is the classic pattern for resolving imports at run time in a loader.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (XML namespace identifier reached via the document body; not a network contact)
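The heuristics above are string matches over the file's bytes plus URL extraction with a per-URL label. The following is an added example, written for this report and not the analysis tool's own code, of how that triage works on an OLE sample: it searches for the API names in both ASCII and UTF-16LE (Word text streams and VBA string literals use UTF-16LE, so an ASCII-only scan misses them), extracts URLs from both encodings, and labels XML namespace URIs such as the DrawingML one as identifiers rather than network destinations. The rule IDs mirror the report; the API list beyond LoadLibrary/GetProcAddress, the namespace prefix list, and the sample bytes are assumptions constructed for the example. It scans raw bytes, so it can be run on the whole file or on each stream pulled out with olefile; VBA source inside the macro stream is MS-OVBA-compressed and would need decompressing first, which is not done here.

```python
"""Minimal static triage for an Office/OLE sample: API-name string heuristics and URL labels.

Added example, not the report tool's code. Works on raw bytes (whole file or one OLE stream).
"""
import re

# API names keyed on by the SC_STR_* heuristics, plus a few loader-typical neighbours (assumed list).
API_STRINGS = ("LoadLibrary", "GetProcAddress", "VirtualAlloc", "CreateProcess", "URLDownloadToFile")

# URL prefixes that are XML namespace identifiers, not places the document contacts (assumed list).
NAMESPACE_PREFIXES = (
    "http://schemas.openxmlformats.org/",
    "http://schemas.microsoft.com/",
    "http://www.w3.org/",
    "http://purl.org/",
)

ASCII_URL_RE = re.compile(r"(?:https?|ftp)://[A-Za-z0-9._~:/?#@!$&'()*+,;=%\-\[\]]+")
# A run of at least 8 printable characters stored as UTF-16LE (Word text, VBA string literals).
UTF16_RUN_RE = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")


def find_api_refs(data: bytes):
    """Return (api_name, encoding, offset) for every ASCII or UTF-16LE occurrence, by offset."""
    hits = []
    for name in API_STRINGS:
        for needle, enc in ((name.encode("ascii"), "ascii"), (name.encode("utf-16-le"), "utf-16le")):
            for m in re.finditer(re.escape(needle), data):
                hits.append((name, enc, m.start()))
    return sorted(hits, key=lambda h: h[2])


def _clean(url: str) -> str:
    """Drop trailing punctuation that the greedy URL regex tends to swallow."""
    return url.rstrip(".,;:)'\"]")


def extract_urls(data: bytes):
    """Collect URLs from ASCII text and from decoded UTF-16LE runs, de-duplicated and sorted."""
    found = {_clean(m.group()) for m in ASCII_URL_RE.finditer(data.decode("latin-1"))}
    for run in UTF16_RUN_RE.finditer(data):
        text = run.group().decode("utf-16-le")
        found.update(_clean(m.group()) for m in ASCII_URL_RE.finditer(text))
    return sorted(found)


def classify_url(url: str) -> str:
    """Label a URL as an XML namespace identifier or as a potential network destination."""
    return "namespace" if url.startswith(NAMESPACE_PREFIXES) else "network"


def triage(data: bytes):
    """Build the report-style pieces: fired heuristics with counts, and per-URL labels."""
    refs = find_api_refs(data)
    heuristics = []
    for name in API_STRINGS:
        n = sum(1 for r in refs if r[0] == name)
        if n:
            heuristics.append({"id": f"SC_STR_{name.upper()}", "severity": "high", "count": n})
    urls = [{"url": u, "label": classify_url(u)} for u in extract_urls(data)]
    if urls:
        heuristics.append({"id": "EMBEDDED_URL", "severity": "info", "count": len(urls)})
    return {"heuristics": heuristics, "urls": urls}


# Constructed stand-in for an OLE stream (not real sample data): ASCII import names, a DrawingML
# namespace declaration, a UTF-16LE VBA Declare line, and a UTF-16LE download URL.
SAMPLE = (
    b"\x00" * 16
    + b"kernel32.dll\x00LoadLibraryA\x00GetProcAddress\x00"
    + b'xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main"'
    + 'Private Declare Function LoadLibrary Lib "kernel32"'.encode("utf-16-le")
    + "http://example.invalid/stage2.bin".encode("utf-16-le")
    + b"\x00" * 8
)

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

On the constructed sample the UTF-16LE scan is what finds the second LoadLibrary reference and the real download URL; an ASCII-only pass reports only the namespace URL, which is the situation this report describes, so a quiet EMBEDDED_URL result on an obfuscated document is a reason to check the UTF-16LE and decompressed macro content, not a reason to lower the score.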