Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 4ff800c93f5b7e94…

MALICIOUS

Office (OLE) / .DOC

Size: 1.11 MB
Created: 1996-02-12 19:56:00
Authoring application: Microsoft Word 6.0
MD5: 7ccd9c7d2b7b14a1c8e6469d281ec224
SHA-1: 8897567299357dab3c97c766899daad333860d86
SHA-256: 4ff800c93f5b7e94037b11fac919f9f7509b6d99b4e7142610842808d82bd52e
Risk Score: 60

Malware Insights

MITRE ATT&CK: T1059.001 Command and Scripting Interpreter: PowerShell

The sample is a Microsoft Word (OLE) document whose visible content is technical text about optical storage technology. The single critical heuristic fired on Windows library and API names XOR-encoded with the one-byte key 0xFC: LoadLibraryW and GetProcAddress, the pair shellcode typically uses to resolve imports at runtime, together with the WinINet functions InternetOpenW and HttpOpenRequestW, which fetch content over HTTP. No macro or script was extracted, so the visible text is most likely a decoy and the encoded strings point to an embedded downloader or dropper stage that conceals its payload until runtime. Two caveats for triage: the 1996 creation date and Word 6.0 authoring application come from the OLE SummaryInformation stream, which is trivially forged or inherited from a template, so they do not date the malicious content; and the T1059.001 (PowerShell) mapping is not corroborated by any extracted script and should be treated as a platform inference rather than an observed behaviour.

Heuristics (1)

  • XOR-encoded strings (key 0xFC) | severity: critical | rule: SC_XOR_ENCODED
    Found 8 Windows library/API name(s) XOR-encoded with single-byte key 0xFC: 'iphlpapi.dll', 'iphlpapi.dll', 'LoadLibraryW', 'LoadLibraryW', 'GetProcAddress', 'GetProcAddress', 'InternetOpenW', 'HttpOpenRequestW'
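What a heuristic of this kind is actually checking, as an added example that is not the analysis platform's own code: try every single-byte XOR key against a small dictionary of library and API names that shellcode resolves at runtime, and report the key and the names found under it. The dictionary (API_NAMES), the function names and the sample byte string (decoy text followed by the report's eight strings encoded with 0xFC) are constructed here for illustration; the real rule almost certainly uses a much larger dictionary.

```python
"""Brute-force detection of single-byte-XOR-encoded Windows API names.

Added example, not the analysis platform's own code: it reproduces the idea
behind the SC_XOR_ENCODED heuristic (try every one-byte key against a
dictionary of library/API names that shellcode resolves at runtime). The
dictionary and the sample blob below are constructed for illustration.
"""
from collections import defaultdict

# Names the report lists, plus two common neighbours. Assumption: the real
# heuristic uses a much larger dictionary.
API_NAMES = [
    b"iphlpapi.dll", b"LoadLibraryW", b"GetProcAddress",
    b"InternetOpenW", b"HttpOpenRequestW", b"kernel32.dll", b"wininet.dll",
]


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (encoding and decoding are the same op)."""
    return bytes(b ^ key for b in data)


def find_xor_encoded_names(data: bytes, names=API_NAMES) -> dict[int, list[str]]:
    """Return {key: [name, ...]} for each key 1..255 under which at least one
    dictionary name appears in ``data``.  Every occurrence is kept, so a name
    present twice is listed twice (the report's "Found 8" counts the same way).
    Key 0 is skipped on purpose: plaintext API names are normal in many files."""
    hits: dict[int, list[str]] = defaultdict(list)
    for key in range(1, 256):
        for name in names:
            needle = xor_bytes(name, key)      # what the name looks like under this key
            pos = data.find(needle)
            while pos != -1:
                hits[key].append(name.decode("ascii"))
                pos = data.find(needle, pos + 1)
    return dict(hits)


def best_key(hits: dict[int, list[str]]):
    """Key with the most matches, or None when nothing matched."""
    return max(hits, key=lambda k: len(hits[k])) if hits else None


def build_sample() -> bytes:
    """Constructed stand-in for a document stream: decoy text followed by the
    eight strings from the report, XOR-encoded with 0xFC and NUL-separated."""
    decoy = (b"Optical storage media such as CD-ROM encode data as pits and lands "
             b"on a reflective layer that is read by a laser.  ")
    encoded = [b"iphlpapi.dll", b"iphlpapi.dll", b"LoadLibraryW", b"LoadLibraryW",
               b"GetProcAddress", b"GetProcAddress", b"InternetOpenW", b"HttpOpenRequestW"]
    return decoy + b"\x00".join(xor_bytes(s, 0xFC) for s in encoded)


if __name__ == "__main__":
    blob = build_sample()
    found = find_xor_encoded_names(blob)
    key = best_key(found)
    print(f"best key: {key:#04x}, {len(found[key])} name(s): {found[key]}")
```

Run against the constructed blob it reports key 0xFC and the same eight names, duplicates included. In a real triage you would feed it the raw file or each OLE stream separately (for example after extracting streams with olefile), then decode the region around a hit with the recovered key to look for the shellcode stub and any URL the WinINet calls are given.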