Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 5b6275d12666322d…

MALICIOUS

Office (OLE)

676.0 KB Created: 1601-01-01 00:00:00 Authoring application: Microsoft PowerPoint First seen: 2012-09-20
MD5: 98238a72234267d663ddbc079d87b13a SHA-1: 4891941a4f9c631385878ca776d0f58b2c52fa78 SHA-256: 5b6275d12666322d7c90d525f63f638f6d2252a2a51ffdeec5f16394042a5395
60 Risk Score

Heuristics 1

  • CVE-2009-0556 — PowerPoint malformed ClientTextbox critical CVE likely CVE_2009_0556
    PowerPoint Document contains an EscherClientTextbox with TextHeaderAtom, a long repeated-byte TextBytesAtom payload, and OutlineTextRefAtom in the same textbox. This is the CVE-2009-0556 malformed ClientTextbox/OutlineTextRefAtom exploit shape recovered directly from the stream even when the surrounding record walk desynchronizes.