Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 50ee052ad2b1b643…

MALICIOUS

Office (OLE)

Size: 269.7 KB
Created: 2009-03-31 05:41:00
Authoring application: Microsoft Word 10.0
MD5: e0cead640a45350cc6f2821f00c36661
SHA-1: 929631a2d460e9446a475c7b7c295eb1d8c4dc27
SHA-256: 50ee052ad2b1b643fc60b00d56c4757be17a6d8f7541294048521536de98a87d
Risk Score: 80

Malware Insights

The file is an OLE document with a significant amount of slack space, a common technique for hiding malicious content. While no specific VBA macros or executable code were directly identified, the 'GetPC stub' heuristic suggests the presence of shellcode. The document body is unreadable, providing no further context. The large slack space and the heuristic firing indicate a high likelihood of malicious intent, possibly as a dropper or exploit container.

Heuristics (2)

  • x86 GetPC stub (CALL $+5; POP EAX) [severity: high, id: SC_GETPC_CALL]
  • OLE document has large unaccounted-for region [severity: high, id: OLE_SLACK_ANOMALY]
    OLE file is 276,137 bytes but its declared streams total only 16,536 bytes — 259,601 bytes (94%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).