Office (OLE) / .DOC malware analysis — malicious · 5f6de75100a767df

MALICIOUS

Office (OLE) / .DOC

687.5 KB Created: 2009-02-26 07:53:00 Authoring application: Microsoft Office Word

MD5: 75dc972d4f1c321261cbd133f7f0d74b SHA-1: a170996d7e08019da4657fc62c964dad265331d2 SHA-256: 5f6de75100a767df8ac2985d590b1592891598c7b468067dcea5f566f8fe48ea

80 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution

The sample is an OLE document with a significant amount of slack space, indicating potential obfuscation or embedded malicious content. The presence of an x86 GetPC stub heuristic firing suggests the exploitation of a client-side vulnerability to achieve code execution. Without further script or body content, the specific exploit and payload remain undetermined.

Heuristics 2

x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALL

x86 GetPC stub (CALL $+5; POP EDI)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 704,002 bytes but its declared streams total only 16,543 bytes — 687,459 bytes (98%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.