Office (OLE) / .DOC malware analysis — malicious · 48f6e219af271db9

MALICIOUS

Office (OLE) / .DOC

82.5 KB Created: 2009-03-31 05:41:00 Authoring application: Microsoft Word 10.0

MD5: aece57770a7fa8ff114325e85ecc9a94 SHA-1: 0f27dc5c03c5cc6b21c2bc422616a617995f2566 SHA-256: 48f6e219af271db97bd370ccaf33fef1a8b7022336d71160f9d94043edc210ec

80 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution

The document is a malicious OLE file that contains a high-severity heuristic firing for an x86 GetPC stub, indicating potential shellcode execution. The large slack space anomaly further suggests the presence of embedded malicious content. The document body is unreadable, and no scripts were extracted, limiting further analysis of the specific payload or delivery mechanism.

Heuristics 2

x86 GetPC stub (CALL $+5; POP EAX) high SC_GETPC_CALL

x86 GetPC stub (CALL $+5; POP EAX)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 84,481 bytes but its declared streams total only 16,536 bytes — 67,945 bytes (80%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.