Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 53dcc282a6b694f8…

MALICIOUS

Office (OLE) / .DOC

Size: 1.11 MB
Created: 2012-09-21 09:56:09
Authoring application: Windows Installer
MD5: 878c93a88ba8412baefe9b6e297ee650
SHA-1: 54c139e0cda1919b4f324bcb5dc3a78a80c73024
SHA-256: 53dcc282a6b694f8e4b053e6b5b50b2e2fa446072b25cf1d9139e130a3ef3e51
Risk Score: 162

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking
T1204.002 Malicious File

The sample is a malicious Microsoft Office document containing an embedded PE executable. Heuristics indicate the presence of NOP sleds and a lure for clipboard command execution, suggesting an attempt to obfuscate or trick the user into running the embedded payload. The embedded executable, 'embedded_office_00006000.exe', is the primary indicator of malicious intent.

Heuristics 5

  • Embedded PE executable (critical, OLE_EMBEDDED_EXE)
    MZ/PE header found inside document; possible embedded executable
  • NOP sled detected (high, SC_NOP_SLED)
    Found 20+ consecutive 0x90 bytes
  • Clipboard command execution lure (high, SE_CLIPBOARD_COMMAND_LURE)
    Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
  • NOP-equivalent sled detected (medium, SC_NOP_EQUIV_SLED)
    Long run of 0x41 bytes
  • Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: embedded_office_00006000.exe
SHA-256: 4f533471dbb941662b2ceb305ac31fe9ec56263ef26891a136d628fbdc7314e6
Kind: embedded-pe
Source: Office MZ+PE at offset 0x6000
Size: 1134592 bytes
Detection: ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.65, consistent with packed or encrypted content.