Office (OLE) / .DOC malware analysis — malicious · 51e12755e4de7ad7

MALICIOUS

Office (OLE) / .DOC

50.9 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: f6d1d846c6b02de7c285762ca25f2aea SHA-1: b34a792aec9475c4cb43e33b5819bd90cceaaac1 SHA-256: 51e12755e4de7ad7c7b7de87740d005a984a1ae6b4dd5831e7c1ba131e77eba6

80 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1059.001 PowerShell

The sample is a malicious OLE document exhibiting a high degree of slack space anomaly, indicating potential obfuscation or embedded malicious content. The PEB access heuristic suggests the document attempts to interact with the process environment. While no specific script was extracted, the presence of embedded URLs and the overall malicious verdict strongly suggest an attempt to download and execute a secondary payload, likely exploiting a known vulnerability.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 52,142 bytes but its declared streams total only 16,486 bytes — 35,656 bytes (68%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.