Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 436dccfd36d864f7…

MALICIOUS

Office (OLE) / .DOC

128.4 KB
MD5: 012771d9f10b9b55411c7f2518352195
SHA-1: ffdcb888c103876f834021fe3bc543848d17e0d8
SHA-256: 436dccfd36d864f7da4500ada7cc4ee40b0ddf1196bf49c289176a53ddc6f766
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204 Malicious Link

The OLE document exhibits a significant slack space anomaly, suggesting the presence of hidden or malicious content. The heuristic that fired on a VirtualAlloc API reference indicates potential memory allocation for malicious code execution. While the document body contains only test construction information, the combination of these factors points towards an exploit attempt within the Office document.

Heuristics (3)

  • OLE document has large unaccounted-for region (high) OLE_SLACK_ANOMALY
    OLE file is 131,440 bytes but its declared streams total only 31,351 bytes — 100,089 bytes (76%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
  • Reference to VirtualAlloc API (medium) SC_STR_VIRTUALALLOC
    Reference to VirtualAlloc API
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main