Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 47c9fff991fc780a…

MALICIOUS

Office (OLE)

135.5 KB
Created: 2009-08-03 20:41:00
MD5: f89384f6eac50fb27f255eeae8ab3939
SHA-1: 031fd7922677c81b2936cf50cd7373cebf4571bc
SHA-256: 47c9fff991fc780a73d4372f293dbae082c3cefa74e81d21aa0d33772461073c
100 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is an OLE document that contains embedded OLE objects. A heuristic fired that indicates potential exploitation of CVE-2026-21514 via Ole10Native, suggesting an attempt to execute arbitrary code. References to the WinExec and VirtualAlloc APIs further support the likelihood of payload execution. The embedded OLE object, 'ole10native_00.bin', is likely the malicious payload.

Heuristics 3

  • OLE with Ole10Native — possible CVE-2026-21514 exploitation high CVE likely CVE_2026_21514
    Document contains a Word OLE object with Ole10Native plus executable, PE, or risky remote-link indicators. CVE-2026-21514 exploits OLE metadata validation; this stronger structure is treated as likely exploitation.
  • Reference to WinExec API high SC_STR_WINEXEC
    Reference to WinExec API
  • Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOC
    Reference to VirtualAlloc API

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
ole10native_00.bin (4e38424982fab35000779bff5dc5b4744d05fc8bd27fef20d88a9edc4ccf9fec) | ole-package | OLE Ole10Native stream: ObjectPool/_106802696/Ole10Native | 41572 bytes