Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 2cecf269f79adba4…

MALICIOUS

Office (OLE) / .DOC

Size: 145.5 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: 8aecdbba660fc84b75dc8f570c5beeda
SHA-1: 973fd6b6a488328b3396d9adc843e0ad0d0a472d
SHA-256: 2cecf269f79adba474afe96494107fba87f407ededd261d55e597f62b2fa4626
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File
  • T1027 Obfuscated Files or Information

The sample exhibits high-confidence heuristic firings for SC_STR_VIRTUALPROTECT, SC_STR_LOADLIBRARY, and SC_STR_GETPROCADDRESS. These API calls are commonly used by malware to dynamically load and execute code. The heavily obfuscated document body further suggests an attempt to conceal malicious activity, likely involving the execution of a second-stage payload. No specific IOCs were extracted, and the document body was unreadable.

Heuristics (3)

  • SC_STR_LOADLIBRARY (high): Reference to LoadLibrary API
  • SC_STR_GETPROCADDRESS (high): Reference to GetProcAddress API
  • SC_STR_VIRTUALPROTECT (medium): Reference to VirtualProtect API