Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 4bbc1bb8fc23c323…

MALICIOUS

Office (OLE) / .PPT

File size: 738.0 KB
Created: 2002-10-23 19:44:13
Authoring application: Microsoft PowerPoint
MD5: da5678cd71bce77d7b597b21fd95dcfa
SHA-1: 373aece0e915bdf92177564233d12b70f427ec40
SHA-256: 4bbc1bb8fc23c323403c66cb7b1bcfaf3c61924014bcee0622a0f4fe24a9b798
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1200 Hardware Add-Or Replace Or Update

The file is detected as Win.Exploit.CVE_2001_0500-1, indicating it exploits a known vulnerability. The document body contains output from network scanning tools like nmap and telnet, along with references to an exploit script, suggesting the file's purpose is to facilitate network reconnaissance and potentially exploit vulnerabilities on the target IP address 172.16.16.5. The embedded URLs point to this same IP address.

Heuristics 2

  • ClamAV: Win.Exploit.CVE_2001_0500-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Exploit.CVE_2001_0500-1
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://172.16.16.5/postinfo.html
    • http://172.16.16.5/postinfo.htmlContent-Type