Malicious Office (OLE) / .CCC — malware analysis report

Static analysis result for SHA-256 556cc37deab069d2…

MALICIOUS

Office (OLE) / .CCC

Size: 109.9 KB (112,511 bytes)
Created: 2009-05-15 02:00:00
Authoring application: Microsoft Word 9.1
MD5: dd7090fdc35d22402fcb88f81b1957ac
SHA-1: e36965b93cb2f3f8abfd19a427adfb558f13d8b7
SHA-256: 556cc37deab069d28904992d9e29ee088ca1083079f3575fc9233a3559babdc4
Risk score: 80

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File
T1059.001 Command and Scripting Interpreter: PowerShell

The sample is an OLE (Compound File Binary) document in which 92% of the file lies outside any declared stream. Unallocated sector slack on its own is weak evidence (a document saved repeatedly in place can legitimately carry free sectors), but here it coincides with an 'x86 GetPC stub' hit (CALL $+5; POP EDI), a position-independent-code idiom that shellcode uses to learn its own address and that a benign Word document has no reason to contain. Together the two heuristics point to a macro-less exploit document: a parser bug in Word is used to transfer control to a payload parked in the slack. No document body content or scripts were extracted, so the T1059.001 (PowerShell) mapping above is not backed by any recovered script content and should be treated as provisional; T1204.002 (the user opening the file) is the well-supported entry.

Heuristics (2)

  • x86 GetPC stub (CALL $+5; POP EDI) [high] SC_GETPC_CALL
    CALL $+5 (E8 00 00 00 00) pushes the address of the instruction that follows it, and POP EDI (5F) loads that address into a register, giving position-independent shellcode its own location in memory. The heuristic fires on the byte sequence E8 00 00 00 00 5F; the same idiom also appears with the other POP opcodes (58 through 5F), so a single EDI-only signature will miss variants.
  • OLE document has large unaccounted-for region [high] OLE_SLACK_ANOMALY
    OLE file is 112,511 bytes but its declared streams total only 8,934 bytes; the remaining 103,577 bytes (92%) lie in sectors that no stream chain references. This is the canonical hiding place for macro-less Office exploit documents: an XOR-encoded payload is parked in the slack and reached via a parser pointer-corruption bug in the document structure. Before treating the region as a payload, confirm that the free sectors are non-zero and high-entropy and that the GetPC hit falls inside them; free sectors left behind by repeated in-place saves typically hold stale fragments of earlier document versions, not code.
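As an added worked example (this is not the analysis engine's code), the following Python re-derives both heuristics on a constructed compound file: it parses the v3 CFB header, FAT and directory to sum the declared stream sizes and list the sectors that no chain claims, then scans those free sectors for CALL $+5; POP reg stubs both raw and under every single-byte XOR key, generalising the EDI-only signature above to all eight POP registers. It assumes 512-byte sectors and a FAT small enough to be listed entirely in the header DIFAT; the sample file, its stream name, the 600-byte stream and the XOR key 0x41 are constructed for the demonstration and are not taken from the analysed sample.

```python
"""Added example, not the report's tooling: recompute OLE slack and GetPC hits."""
import struct

SECTOR_SIZE = 512                     # v3 compound files only (sector shift 9)
FREESECT, ENDOFCHAIN, FATSECT = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
POP_REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # opcodes 0x58..0x5F


def sector(data, n):
    """Bytes of sector n; sector 0 starts right after the 512-byte header."""
    off = SECTOR_SIZE * (n + 1)
    return data[off:off + SECTOR_SIZE]


def ole_slack(data):
    """Return (declared_stream_bytes, unallocated_bytes, unallocated_sector_ids)."""
    if data[:8] != OLE_MAGIC:
        raise ValueError("not a compound file")
    sector_shift, = struct.unpack_from("<H", data, 30)
    if sector_shift != 9:
        raise ValueError("only 512-byte sectors are handled here")
    n_fat, first_dir = struct.unpack_from("<II", data, 44)
    # Assumption: every FAT sector is listed in the header DIFAT (109 slots).
    fat = []
    for i in range(min(n_fat, 109)):
        fat_sec, = struct.unpack_from("<I", data, 76 + 4 * i)
        fat.extend(struct.unpack("<128I", sector(data, fat_sec)))
    # Walk the directory chain; sum the sizes of stream entries (object type 2).
    declared, sec, seen = 0, first_dir, set()
    while sec < len(fat) and sec not in seen:
        seen.add(sec)
        chunk = sector(data, sec)
        for e in range(0, SECTOR_SIZE, 128):
            if chunk[e + 66] == 2:                      # 66 = object type byte
                declared += struct.unpack_from("<I", chunk, e + 120)[0]  # low 32 bits of size
        sec = fat[sec]
    total_sectors = max(0, (len(data) - 1) // SECTOR_SIZE)   # counts a partial tail sector
    free = [s for s in range(total_sectors) if s >= len(fat) or fat[s] == FREESECT]
    return declared, sum(len(sector(data, s)) for s in free), free


def find_getpc(data, base=0):
    """Find CALL $+5 ; POP reg, raw (key 0) and under every single-byte XOR key.
    Returns (file_offset, xor_key, register) tuples."""
    hits = []
    for key in range(256):
        pat = bytes([0xE8 ^ key]) + bytes([key]) * 4   # E8 00 00 00 00, XORed with key
        i = data.find(pat)
        while i != -1:
            if i + 5 < len(data) and 0x58 <= data[i + 5] ^ key <= 0x5F:
                hits.append((base + i, key, POP_REGS[(data[i + 5] ^ key) - 0x58]))
            i = data.find(pat, i + 1)
    return hits


def scan_slack(data):
    """Run the GetPC scan over every unallocated sector, reporting absolute file offsets."""
    _, _, free = ole_slack(data)
    hits = []
    for s in free:
        hits += find_getpc(sector(data, s), base=SECTOR_SIZE * (s + 1))
    return hits


def build_sample():
    """Constructed OLE file (not the analysed sample): one 600-byte stream in sectors
    2-3, four free sectors, and a GetPC stub XORed with 0x41 parked in free sector 5."""
    hdr = bytearray(SECTOR_SIZE)
    hdr[:8] = OLE_MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)  # minor, major, byte order, shifts
    # 40 dir sectors, 44 FAT sectors, 48 first dir, 52 txn, 56 cutoff, 60/64 minifat, 68 DIFAT
    struct.pack_into("<IIIIIIIII", hdr, 40, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    for i in range(109):
        struct.pack_into("<I", hdr, 76 + 4 * i, FREESECT)
    struct.pack_into("<I", hdr, 76, 0)                  # DIFAT[0]: the FAT lives in sector 0
    fat = [FREESECT] * 128
    fat[0], fat[1], fat[2], fat[3] = FATSECT, ENDOFCHAIN, 3, ENDOFCHAIN
    dir_sec = bytearray(SECTOR_SIZE)

    def entry(off, name, etype, child, start, size):
        n = name.encode("utf-16-le") + b"\0\0"
        dir_sec[off:off + len(n)] = n
        struct.pack_into("<HBB", dir_sec, off + 64, len(n), etype, 1)
        struct.pack_into("<III", dir_sec, off + 68, 0xFFFFFFFF, 0xFFFFFFFF, child)
        struct.pack_into("<IQ", dir_sec, off + 116, start, size)

    entry(0, "Root Entry", 5, 1, ENDOFCHAIN, 0)
    entry(128, "WordDocument", 2, 0xFFFFFFFF, 2, 600)   # constructed stream name/size
    stream = (b"A" * 600).ljust(2 * SECTOR_SIZE, b"\0")
    slack = bytearray(4 * SECTOR_SIZE)                  # sectors 4-7, never referenced
    stub = bytes(b ^ 0x41 for b in b"\xe8\x00\x00\x00\x00\x5f")
    slack[SECTOR_SIZE + 100:SECTOR_SIZE + 106] = stub   # sector 5, offset 100
    return bytes(hdr) + struct.pack("<128I", *fat) + bytes(dir_sec) + stream + bytes(slack)


if __name__ == "__main__":
    sample = build_sample()
    declared, unalloc, free = ole_slack(sample)
    print(f"{len(sample)} bytes, {declared} declared, {unalloc} unallocated "
          f"({100 * unalloc // len(sample)}%) in sectors {free}")
    for off, key, reg in scan_slack(sample):
        print(f"GetPC stub at file offset {off:#x}, XOR key {key:#04x}, POP {reg}")
```

Run against a real file with `ole_slack(open(path, "rb").read())`; a document whose unallocated share is high and whose free sectors yield a GetPC hit reproduces the two findings above. Files with more than 109 FAT sectors or 4096-byte sectors raise rather than miscount, which is the safe failure for a triage tool.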