Office (OLE) / .DOC malware analysis — malicious · 2da26cc597651702

MALICIOUS

Office (OLE) / .DOC

96.5 KB Created: 2001-12-14 14:26:00 Authoring application: Microsoft Word 9.0

MD5: 68a4586f6f15b66d02567b9f4f2cee26 SHA-1: e71cd8f207eec3c028692403f00840f61f73ca2e SHA-256: 2da26cc597651702b984dd501463ef084805b277ed5a1a3dae909ddf87b823fa

62 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The critical heuristic firing for CVE-2006-6456 indicates that the document is malformed to exploit a specific vulnerability in Microsoft Word. This vulnerability allows for arbitrary code execution when the document is opened. No VBA macros were extractable, but the exploit itself is sufficient for malicious execution.

Heuristics 2

CVE-2006-6456 — Microsoft Word malformed table SPRM critical CVE exact CVE_2006_6456

WordDocument contains a malformed table border-color SPRM in the CVE-2006-6456 shape: a valid table-SPRM cluster is followed by an invalid high-byte 0xFF SPRM where Word expects a normal sprmTBrc*Cv record. Vulnerable Word 2000/2002/2003 parsers corrupt memory while handling this malformed data structure.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.