Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 5d486338e6638105…

MALICIOUS

Office (OLE) / .DOC

96.5 KB Created: 2001-12-14 14:26:00 Authoring application: Microsoft Word 9.0
MD5: 4e779c3e92633a6d38e11686f054c48a SHA-1: fef07e7b6224068ffbb04215e885519a7e531fe0 SHA-256: 5d486338e66381052a44f9bffefcb7c4b5a8c46a7b50a7ade14d02148ce2dcdb
100 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a Microsoft Word document that triggers a critical heuristic for CVE-2006-6456, indicating exploitation of a table malformation vulnerability. A NOP sled was also detected, commonly used in shellcode to ensure reliable execution. These indicators strongly suggest the document is designed to exploit this vulnerability for client-side code execution.

Heuristics 2

  • CVE-2006-6456 — Microsoft Word malformed table SPRM critical CVE exact CVE_2006_6456
    WordDocument contains a malformed table border-color SPRM in the CVE-2006-6456 shape: a valid table-SPRM cluster is followed by an invalid high-byte 0xFF SPRM where Word expects a normal sprmTBrc*Cv record. Vulnerable Word 2000/2002/2003 parsers corrupt memory while handling this malformed data structure.
  • NOP sled detected high SC_NOP_SLED
    Found 20+ consecutive 0x90 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.