Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 4b42b1fb90005df5…

MALICIOUS

Office (OLE)

Size: 99.5 KB
Created: 1601-01-01 00:00:00 (this is the Windows FILETIME epoch, i.e. a raw value of 0: the OLE creation timestamp is unset or was cleared, not a real date)
Authoring application: Microsoft PowerPoint
First seen: 2015-09-19
MD5: 49836ee73f8ac0d2b3ab24225e7950e0
SHA-1: e78c3118531d7e132a2f51f55ac536a1cdd0f8b5
SHA-256: 4b42b1fb90005df5d7a67f9cc5f24c38e4472374db3abb3812dec1ea5e4437cc
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV matches the file against the signature Win.Trojan.MSShellcode-6360729-4, whose name indicates a shellcode pattern match; that signature hit is the only detection on this file. The single extracted URL is the DrawingML XML namespace (http://schemas.openxmlformats.org/drawingml/2006/main), which any Office document carrying drawing markup references, so it is expected content and not an indicator of compromise. Because this is a static result resting on one signature, confirm the hit by locating the matching bytes in the OLE streams (or by detonating the file) before acting on it. The likely delivery vector is spearphishing: the document is sent as an e-mail attachment to trick the recipient into opening it (T1566.001).

Heuristics (2)

  • ClamAV detection (CLAMAV_DETECTION, severity: critical)
    ClamAV detected this file as malware: Win.Trojan.MSShellcode-6360729-4
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main
    Channel: in document text (OLE body)
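Two details of this report are worth checking mechanically when triaging similar samples: a created date of 1601-01-01 means the OLE FILETIME field is zero (unset), and URLs pulled out of OLE streams need to be separated into standard XML namespace references and anything else. The script below is an added example written for this page, not tooling from the analysis service that produced the report. It uses only the Python standard library (no olefile), decodes a FILETIME value and flags zero as unset, scans a raw stream for http(s) URLs in both ASCII and UTF-16LE encodings, and classifies each against an allowlist of schema hosts. The allowlist, the `SAMPLE_STREAM` bytes and the `example.invalid` URL inside it are constructed for the example and are not taken from the analysed file.

```python
"""Triage helpers for OLE metadata and embedded URLs (added example)."""
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# OLE property sets store timestamps as Windows FILETIME: 100 ns ticks since
# 1601-01-01 00:00:00 UTC. A raw value of 0 renders as the
# "Created: 1601-01-01 00:00:00" shown in the report, i.e. the field is unset.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_filetime(raw):
    """Return (datetime, is_unset) for a 64-bit FILETIME value."""
    if raw == 0:
        return FILETIME_EPOCH, True
    return FILETIME_EPOCH + timedelta(microseconds=raw // 10), False


# Hosts that Office/OOXML files legitimately reference as XML namespaces.
# Their presence is expected and is not an indicator (assumed allowlist).
KNOWN_SCHEMA_HOSTS = {
    "schemas.openxmlformats.org",
    "schemas.microsoft.com",
    "www.w3.org",
    "purl.org",
}

_URL_CHARS = rb"A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-"
# ASCII-encoded URL.
_URL_ASCII = re.compile(rb"https?://[" + _URL_CHARS + rb"]+")
# Same URL grammar with every character followed by a NUL, i.e. UTF-16LE.
_URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[" + _URL_CHARS + rb"]\x00)+"
)


def extract_urls(blob):
    """Find http(s) URLs in a raw stream.

    OLE streams can carry text as ASCII (embedded XML) or UTF-16LE
    (PowerPoint/Word string records), so both encodings are scanned.
    Returns de-duplicated (url, encoding) tuples in order of appearance.
    """
    found, seen = [], set()
    for pattern, encoding in ((_URL_ASCII, "ascii"), (_URL_UTF16, "utf-16le")):
        for match in pattern.finditer(blob):
            url = match.group().decode(encoding)
            if url not in seen:
                seen.add(url)
                found.append((url, encoding))
    return found


def classify_url(url):
    """Label a URL as an expected schema namespace or as needing review."""
    host = urlsplit(url).hostname or ""
    return "schema-namespace" if host in KNOWN_SCHEMA_HOSTS else "review"


def triage(stream, created_raw):
    """Combine both checks into one summary dict for a stream."""
    created, unset = decode_filetime(created_raw)
    return {
        "created": created.isoformat(),
        "created_unset": unset,
        "urls": [(u, enc, classify_url(u)) for u, enc in extract_urls(stream)],
    }


# Constructed sample stream (not from the analysed file): a DrawingML XML
# fragment as it appears in an OLE body, then a UTF-16LE string carrying a
# second URL on the reserved, never-resolving name example.invalid.
SAMPLE_STREAM = (
    b'<a:theme xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main">'
    + b"\x00" * 4
    + "http://example.invalid/stage2.bin".encode("utf-16-le")
)

if __name__ == "__main__":
    # A created_raw of 0 reproduces the report's 1601-01-01 timestamp.
    for key, value in triage(SAMPLE_STREAM, 0).items():
        print(f"{key}: {value}")
```

Run it directly to see the namespace URL labelled `schema-namespace` and the UTF-16LE URL labelled `review`; in practice the stream bytes would come from each OLE stream of the sample and `created_raw` from the SummaryInformation property set.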