Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 53eb3ece60609f14…

MALICIOUS

Office (OLE) / .DOC

2.67 MB
MD5: 8f7dd660cb8560bc6eb377a0a0d86fc0
SHA-1: 41792a8cab5fe6bdeced22eb3fdb15471356ec0c
SHA-256: 53eb3ece60609f14d0932c0b41b97e56d0e478f5f963c1ce12a40b9364c435ab

Risk Score: 80

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The document presents itself as a software utility installer for 'PowerDesk Utilities 98'. The 'SE_PASSWORD_ARCHIVE_LURE' heuristic indicates that the document likely instructs the user to open a password-protected archive, which is a common tactic to bypass gateway security. The embedded URL 'http://www.mijenix.com' is likely associated with the distribution of the malicious payload. No scripts were extracted from this sample.

Heuristics (3)

  • NOP sled detected (severity: high, SC_NOP_SLED)
    Found 20+ consecutive 0x90 bytes
  • Password-protected archive handoff (severity: high, SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment, a tactic often used to keep payloads encrypted until after gateway scanning
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.mijenix.com