MALICIOUS
100
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
The critical heuristic firing indicates the presence of an embedded Adobe Flash (SWF) object within the OLE document. This is a common technique for delivering exploits targeting vulnerabilities in Flash Player. The OLE slack anomaly further suggests potential obfuscation or padding within the file structure. No document body text or scripts were extracted, limiting further analysis of the specific exploit or payload.
Heuristics 2
-
Embedded Adobe Flash (SWF) in OLE document critical OFFICE_EMBEDDED_SWFDocument contains an embedded Adobe Flash (SWF) object. Vulnerabilities such as CVE-2018-4878 and CVE-2018-15982 involved Flash objects embedded in Office files. Adobe Flash has been end-of-life since December 2020.
-
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALYOLE file is 56,860 bytes but its declared streams total only 22,169 bytes — 34,691 bytes (61%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
Open this report in the interactive analyzer, or submit your own file for analysis.