Office (OLE) / .PPT malware analysis — malicious · 3083bd49cf6e9088

MALICIOUS

Office (OLE) / .PPT

587.0 KB Created: 1601-01-01 00:00:00 Authoring application: Microsoft PowerPoint

MD5: c335e79016cbbb33549f9978e647348a SHA-1: 073c1a762817d12a9f250cc8fb00e79f30105037 SHA-256: 3083bd49cf6e90880bb1763a0c2d0b4fd28ea69da203517d65fe65dd933d3143

60 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Win.Exploit.13525-1. It contains an embedded URL pointing to 'http://devinmartin.net/mstr/jusched.exe', which is likely the location of a secondary payload. The PowerPoint document itself does not contain user-readable content, suggesting its primary purpose is to host the exploit or lure. The presence of the embedded URL strongly indicates a download and execute attack pattern.

Heuristics 2

ClamAV: Win.Exploit.13525-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Exploit.13525-1
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://devinmartin.net/mstr/jusched.exe
- http://schemas.openxmlformats.org/drawingml/2006/main

Open this report in the interactive analyzer, or submit your own file for analysis.