Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 5e6d1d467298d3a0…

MALICIOUS

Office (OLE) / .DOC

Size: 52.5 KB
Created: 1998-03-24 12:41:00
Authoring application: Microsoft Word 6.0
MD5: 03c814f382b7ebecd22a7ba3fb84bf9c
SHA-1: f7a7d5acc3e66c6a45a2bdbf61973ee322867051
SHA-256: 5e6d1d467298d3a051574cc3957e8320762c680117baf568450c568ea09fd836
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is an OLE document with a significant amount of slack space, a region commonly used to hide malicious content. ClamAV detected it as Win.Trojan.W-283. The document body appears to be a list of students, likely a lure to encourage opening the file.

Heuristics (2)

  • ClamAV: Win.Trojan.W-283 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.W-283
  • OLE document has large unaccounted-for region (high, OLE_SLACK_ANOMALY)
    OLE file is 53,760 bytes but its declared streams total only 31,428 bytes — 22,332 bytes (42%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).