Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 2fdbd515c7c122e5…

MALICIOUS

Office (OLE) / .DOC

Size: 26.5 KB (27,136 bytes)
Created: 1986-05-09 13:52:00
Authoring application: Microsoft Word 6.0
MD5: 2cfe598af32274b1546d7ce585772ab7
SHA-1: b18f9221322b4618102b7625f0ae4ef50741a3e1
SHA-256: 2fdbd515c7c122e559e14d7bf284ad7a36dc4ae8bcdaf77076f5f5edec15c917
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is a Microsoft Word document (an OLE2 compound file) in which roughly two thirds of the bytes are not claimed by any declared stream, which is consistent with content hidden in unallocated sectors. ClamAV detects it as Win.Trojan.Macro-11, a signature name that points to malicious macros. Strings in the document body contain file paths and application names but do not by themselves reveal the attack's intent. Taken together, the slack anomaly and the signature hit are strong evidence that the document is malicious, although they point at different delivery mechanisms: a VBA macro on one hand, a parser exploit with its payload in the slack on the other. The creation timestamp of 1986 also predates Microsoft Word 6.0 (released in 1993), so the document metadata should not be trusted. Confirming which mechanism is in play requires extracting the VBA streams, if any, and carving the unallocated sectors for encoded code.

Heuristics (2)

  • ClamAV: Win.Trojan.Macro-11 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Macro-11
  • OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY
    The OLE file is 27,136 bytes, but its declared streams total only 9,324 bytes, leaving 17,812 bytes (66%) that no stream accounts for. Unallocated sector slack is a well-known hiding place for pre-macro-era Office exploit payloads (typically XOR-encoded shellcode reached through a parser pointer-corruption bug in the document structure). Note that this figure is simply file size minus declared stream sizes, so it also counts the 512-byte header and the FAT and directory sectors; the unallocated region proper is somewhat smaller and should be measured by walking the FAT for FREESECT entries. The contents of those sectors then decide the verdict: remnants of earlier edits are benign, while a high-entropy or XOR-patterned blob is not.
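The following is an added example, not code from the analysis platform or from the original report, showing how to reproduce the OLE_SLACK_ANOMALY check properly: parse the compound-file header, DIFAT, FAT and directory, sum the declared stream sizes, and then classify every sector as allocated, free (marked FREESECT in the FAT) or unmapped (past what the FAT describes), so that header and metadata overhead is separated from genuine slack. The function and sample names (`ole_sector_accounting`, `build_sample`, the "WordDocument" stream) are the example's own; the sample file it builds is a constructed minimal CFB, not the analysed document, and its free sectors are filled with 0x41 only so that a carved region is recognisable.

```python
"""Sector-level accounting for an OLE2 / Compound File Binary (CFB) document.

Walks the header, DIFAT, FAT and directory, then classifies every sector of
the file as allocated (stream data or metadata), free (FREESECT in the FAT)
or unmapped (past the end of what the FAT describes). Free + unmapped is the
slack that a plain "file size minus stream sizes" figure lumps together with
legitimate header/FAT/directory overhead.
"""
import struct

MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
MAXREGSECT, FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF
NOSTREAM, STREAM, ROOT = 0xFFFFFFFF, 2, 5


def _sector(data, sid, ssz):
    """Raw bytes of sector `sid`; sector 0 starts right after the 512-byte header."""
    return data[(sid + 1) * ssz:(sid + 2) * ssz]


def _u32s(buf):
    n = len(buf) // 4
    return list(struct.unpack("<%dI" % n, buf[:n * 4]))


def _chain(fat, start):
    """Follow a FAT chain, stopping on ENDOFCHAIN, out-of-range ids or loops."""
    seen, sid = [], start
    while sid <= MAXREGSECT and sid < len(fat) and sid not in seen:
        seen.append(sid)
        sid = fat[sid]
    return seen


def ole_sector_accounting(data):
    if data[:8] != MAGIC:
        raise ValueError("not an OLE2 compound file")
    ssz = 1 << struct.unpack_from("<H", data, 30)[0]
    n_fat, first_dir, _, _, _, _, first_difat, n_difat = struct.unpack_from("<8I", data, 44)

    # DIFAT: 109 entries live in the header; any more sit in a chain of DIFAT
    # sectors whose last entry points to the next DIFAT sector.
    difat, sid, hops = _u32s(data[76:512]), first_difat, 0
    while sid <= MAXREGSECT and hops < n_difat:
        ents = _u32s(_sector(data, sid, ssz))
        if len(ents) < 2:
            break                                    # truncated DIFAT sector
        difat, sid, hops = difat + ents[:-1], ents[-1], hops + 1
    fat = []
    for s in [s for s in difat if s <= MAXREGSECT][:n_fat]:
        fat += _u32s(_sector(data, s, ssz))

    # Directory: sum the declared size of every stream entry (object type 2).
    declared = 0
    for s in _chain(fat, first_dir):
        sec = _sector(data, s, ssz)
        for i in range(0, len(sec) - 127, 128):
            if sec[i + 66] == STREAM:
                size = struct.unpack_from("<Q", sec, i + 120)[0]
                declared += (size & 0xFFFFFFFF) if ssz == 512 else size  # v3: low 32 bits only

    total = -(-(len(data) - ssz) // ssz)             # sectors after the header, rounded up
    free_sids = [s for s in range(min(total, len(fat))) if fat[s] == FREESECT]
    unmapped = max(0, total - len(fat))              # sectors the FAT never describes
    slack = (len(free_sids) + unmapped) * ssz
    return {
        "file_size": len(data),
        "declared_stream_bytes": declared,
        "sectors": total,
        "allocated_sectors": total - len(free_sids) - unmapped,
        "free_sids": free_sids,                      # carve these for hidden payloads
        "unmapped_sectors": unmapped,
        "slack_bytes": slack,
        "slack_pct": round(100.0 * slack / len(data), 1),
    }


def _dir_entry(name, otype, child, start, size):
    ent = bytearray(128)
    raw = name.encode("utf-16-le") + b"\x00\x00"
    ent[:len(raw)] = raw
    struct.pack_into("<HBBIII", ent, 64, len(raw), otype, 1, NOSTREAM, NOSTREAM, child)
    struct.pack_into("<IQ", ent, 116, start, size)
    return bytes(ent)


def build_sample(free_sectors=20, stream_len=4096):
    """Constructed sample (not the analysed file): FAT in sector 0, directory in
    sector 1, one stream of `stream_len` bytes, then `free_sectors` FREESECT
    sectors filled with 0x41 that no stream claims."""
    ssz, n_stream = 512, -(-stream_len // 512)
    fat = [FATSECT, ENDOFCHAIN] + list(range(3, 2 + n_stream)) + [ENDOFCHAIN]
    fat += [FREESECT] * (ssz // 4 - len(fat))
    hdr = bytearray(512)
    hdr[:8] = MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)       # v3, 512-byte sectors
    struct.pack_into("<8I", hdr, 44, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))     # DIFAT[0] = FAT sector 0
    directory = _dir_entry("Root Entry", ROOT, 1, ENDOFCHAIN, 0)
    directory += _dir_entry("WordDocument", STREAM, NOSTREAM, 2, stream_len)
    directory += b"\x00" * (ssz - len(directory))
    stream = bytes(range(256)) * (n_stream * ssz // 256)
    return bytes(hdr) + struct.pack("<128I", *fat) + directory + stream + b"\x41" * (free_sectors * ssz)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for k, v in ole_sector_accounting(blob).items():
        print(f"{k:>22}: {len(v) if isinstance(v, list) else v}")
```

Run it with the sample's path as the only argument to get the real numbers for this file. `slack_bytes` is the figure the heuristic is after; `file_size - declared_stream_bytes` reproduces the report's 17,812 but also contains the header and the FAT and directory sectors. The `free_sids` list gives the sectors to carve (`data[(sid + 1) * 512:(sid + 2) * 512]`) for entropy and XOR-key checks.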