Office (OLE) malware analysis — malicious · 459b167a7ac071c7

MALICIOUS

Office (OLE)

55.7 KB Created: 2006-01-25 08:30:00 Authoring application: Microsoft Office Word

MD5: 2c8f719ae3a63632207fa2dde5dfb376 SHA-1: ace111d788eed60db68652e1f00d99f7ee79aeb4 SHA-256: 459b167a7ac071c7bc30ffc31b8a438bb0f7a0598097c6ee749021627b46130c

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The sample is an OLE document with a high slack space anomaly, indicating potential obfuscation or embedded malicious content. A heuristic firing for CreateProcess API suggests the document attempts to launch an external process. The document body is unreadable, and no scripts were extracted, limiting further analysis. The confidence is moderate due to the lack of specific indicators beyond the CreateProcess heuristic.

Heuristics 2

Reference to CreateProcess API high SC_STR_CREATEPROCESS

Reference to CreateProcess API
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 56,992 bytes but its declared streams total only 21,151 bytes — 35,841 bytes (63%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.