MALICIOUS
Risk Score: 62
Heuristics 3
- Equation Editor OLE object | high | OLE_EQUATION_EDITOR
  Embedded OLE object word/embeddings/oleObject5.bin contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
- Embedded OLE object | medium | OOXML_OLE_OBJECT
  Document contains an embedded OLE object
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://schemas.openxmlformats.org/markup-compatibility/2006 : In document text (OOXML body / shared strings)
  - http://schemas.openxmlformats.org/officeDocument/2006/relationships : In document text (OOXML body / shared strings)
  - http://schemas.openxmlformats.org/officeDocument/2006/math : In document text (OOXML body / shared strings)
  - http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing : In document text (OOXML body / shared strings)
  - http://schemas.openxmlformats.org/wordprocessingml/2006/main : In document text (OOXML body / shared strings)
  - http://schemas.microsoft.com/office/word/2006/wordml : In document text (OOXML body / shared strings)
Extracted artifacts 13
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| ooxml_oleobject_00.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject5.bin | 3584 bytes | d7c724d45686870b0c3e1f849bf53eb42066c07b7c14c7f7acabe35171e53a48 |
| ooxml_oleobject_01.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject9.bin | 3584 bytes | 31113dc153e208501060b46251df666401eb181cebe3c081498afdb796e6a593 |
| ooxml_oleobject_02.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject7.bin | 3072 bytes | 141032b64d907d18db93b02e95919cc0cf16779c1e38a972763bb95f02a61b84 |
| ooxml_oleobject_03.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject2.bin | 3584 bytes | 47c0e12b2fcab4cc84ffb0eceadd9bdce1e241593c2526fc01816076cf8e0211 |
| ooxml_oleobject_04.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject3.bin | 3072 bytes | 2b8472ef2ebd506f099d1e9f78d5ace738031010f1c73f7ea433bc3d12804a4d |
| ooxml_oleobject_05.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject4.bin | 3584 bytes | a66e1c6d9598389aa26b95382bd52e4f06ba540083b7821c27259fc12d87a5b9 |
| ooxml_oleobject_06.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject6.bin | 3072 bytes | dd0005efa1b9bdb4eb86c9f9033b9ea46b3f7d4f6a254669d7938e0285ea1f32 |
| ooxml_oleobject_07.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject12.bin | 3072 bytes | 9c24f8fb80f9060f083636af8c1929623daa1872d759d37ddeb7abef53a1238e |
| ooxml_oleobject_08.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject10.bin | 3584 bytes | 432353942f9d6ab9905423ed68b9a213b08bf784dd57fc26e0c1fd3dd969cbbd |
| ooxml_oleobject_09.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject13.bin | 3072 bytes | af79ccd44a2beb030249bb9fb3b2f6b3094bab77e702c665e8b79feca46ea859 |
| ooxml_oleobject_10.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject1.bin | 3072 bytes | 00b50b298cb56c73feab5291ef37133c8fe5359fdf74f2c4d30d3f5f490bf29f |
| ooxml_oleobject_11.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject11.bin | 3584 bytes | dc668d2da1236bbee75044865e5aa49c390c4294b3ab478d9434d093b410e0d5 |
| ooxml_oleobject_12.bin | ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject8.bin | 3584 bytes | 078d0c86a519f18ad5236bb86af3639572203e7ebc474ca856df7910108954a8 |