Office (OLE) / .DOC malware analysis — malicious · 3cd8517d5af3f513

MALICIOUS

Office (OLE) / .DOC

57.2 KB Created: 2006-01-25 08:30:00 Authoring application: Microsoft Office Word

MD5: 553349df46efa958cf5c0e0f727fa992 SHA-1: d9954a2626862578a96fd1af44b42bf4d8b33ad6 SHA-256: 3cd8517d5af3f51345b91a45c408a441c1f32c73e6b378b70fb0068a8a140aaa

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The sample is an OLE document with a high slack anomaly, indicating potential obfuscation or embedded malicious content. A heuristic firing for CreateProcess API suggests the document attempts to launch an external process. No document body or script content was available for further analysis, limiting the ability to determine the specific payload or family.

Heuristics 2

Reference to CreateProcess API high SC_STR_CREATEPROCESS

Reference to CreateProcess API
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 58,528 bytes but its declared streams total only 21,151 bytes — 37,377 bytes (64%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.