Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 346596468638bf38…

MALICIOUS

Office (OLE) / .DOC

Size: 84.9 KB
Created: 2009-05-15 02:00:00
Authoring application: Microsoft Word 9.1
MD5: 6f7f48b4b7a4fe84d49dd47a39aaca3e
SHA-1: 4f459a37037d82bf8b8a10cbb1f3a4317a7c9e4f
SHA-256: 346596468638bf38781172af3131784eecad0ab22f277fee5c86a39449947076
Risk score: 80

Heuristics (2)

  • [high] SC_GETPC_CALL: x86 GetPC stub (CALL $+5; POP EDI)
  • [high] OLE_SLACK_ANOMALY: OLE document has large unaccounted-for region
    OLE file is 86,911 bytes but its declared streams total only 8,934 bytes; 77,977 bytes (90%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).