Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 497c1cda19209373…

Verdict: MALICIOUS
Risk Score: 62

File type: Office (OLE) / .PPT
Size: 921.5 KB
Created: 2008-01-27 01:25:33
Authoring application: Microsoft PowerPoint

MD5: af5ef26b9d2ce874aedead301a71d68f
SHA-1: e8c25267a750466b5ab62b4207fd576c1c431d4e
SHA-256: 497c1cda19209373f2bcbde8e7f24ed8782b2b8fbf3e250595c2552f86482d61

Malware Insights

MITRE ATT&CK
T1204 Malicious File

The file is identified as a malicious PowerPoint presentation by ClamAV with the signature Ppt.Exploit.Apptom-10029459-0. Although VBA macros could not be extracted due to an unsupported format, the file's nature as a malicious exploit suggests it aims to deliver a secondary payload upon opening. The document body contains garbled text, offering no further clues to the specific lure.

Heuristics (2)

  • ClamAV: Ppt.Exploit.Apptom-10029459-0 [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Ppt.Exploit.Apptom-10029459-0
  • Unsupported Office format for VBA extraction [severity: info, rule: OFFICE_FORMAT_UNSUPPORTED]
    olevba could not extract VBA macros (error); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.