Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 64007794ab44bddb…

MALICIOUS

Office (OLE) / .DOC

Size: 73.5 KB (75,264 bytes)
Created: 2007-09-18 04:34:00
Authoring application: Microsoft Word 11 (Word 2003)
MD5: ebc5d1b6ae1791153cf2a9e13380957d
SHA-1: 28aae07317a7d30ce37b57efcee0a351a0ba3d14
SHA-256: 64007794ab44bddb3c0f17fabe6a569dcf3e5d92e7fe58aa2f838fa820c5b04a
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a malicious OLE document with an unusually large slack region: 78% of the file lies outside any declared stream, which is consistent with an embedded, obfuscated exploit payload rather than ordinary allocation overhead. The PEB-access heuristic (a read of the PEB pointer through the x86 FS segment, the technique position-independent shellcode uses to find loaded modules and resolve Windows API addresses without an import table) indicates that part of that hidden data is likely shellcode. No document body text or scripts were extracted, so delivery does not depend on an embedded script; together the indicators point to an exploitation attempt that aims at arbitrary code execution when the file is parsed. Static heuristics alone do not identify which parser bug is triggered; confirming that requires locating the malformed structure or detonating the sample.
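To make the PEB-access indicator concrete, here is an added example (not the scanner's own code) of the kind of check that produces it: it scans a buffer for the common x86 encodings of `mov r32, fs:[0x30]`, both in the clear and under every single-byte XOR key, since payloads parked in Office slack are frequently XOR-masked, and it ranks a hit higher when a load of PEB->Ldr follows within a few bytes. The pattern set, the follow-up check, the severity thresholds and the sample buffer are all constructed for this example; nothing here is the sample's actual shellcode.

```python
"""Added example, not the scanner's own code: a detector for the x86 FS-segment
PEB read behind SC_PEB_ACCESS.  It looks for common encodings of
`mov r32, fs:[0x30]` both in the clear and under every single-byte XOR key,
since payloads parked in Office slack are often XOR-masked, and rates a hit
higher when a PEB->Ldr load follows it.  The pattern set, the follow-up
check and the sample buffer are constructed for this example."""

# Common encodings of the PEB fetch: the moffs32 form, 8B /r with a disp32
# modrm, and the null-free forms shellcode prefers (`xor eax,eax; mov eax,fs:[eax+0x30]`).
PEB_PATTERNS = {
    b"\x64\xA1\x30\x00\x00\x00": "mov eax, fs:[0x30]",
    b"\x64\x8B\x05\x30\x00\x00\x00": "mov eax, fs:[0x30]",
    b"\x64\x8B\x0D\x30\x00\x00\x00": "mov ecx, fs:[0x30]",
    b"\x64\x8B\x15\x30\x00\x00\x00": "mov edx, fs:[0x30]",
    b"\x64\x8B\x1D\x30\x00\x00\x00": "mov ebx, fs:[0x30]",
    b"\x64\x8B\x35\x30\x00\x00\x00": "mov esi, fs:[0x30]",
    b"\x64\x8B\x3D\x30\x00\x00\x00": "mov edi, fs:[0x30]",
    b"\x64\x8B\x40\x30": "mov eax, fs:[eax+0x30]",
    b"\x64\x8B\x48\x30": "mov ecx, fs:[eax+0x30]",
}
# A load of PEB->Ldr (offset 0x0C) within a few bytes of the fetch is the
# textbook start of an import-free API resolver; use it to rank hits.
LDR_LOADS = (b"\x8B\x40\x0C", b"\x8B\x49\x0C", b"\x8B\x52\x0C",
             b"\x8B\x5B\x0C", b"\x8B\x76\x0C", b"\x8B\x7F\x0C")


def _xor_table(key):
    return bytes(b ^ key for b in range(256))


def find_peb_access(buf, keys=range(256)):
    """Return hits as (offset, xor_key, mnemonic, ldr_follows); key 0 = plaintext."""
    hits = []
    for key in keys:
        view = buf.translate(_xor_table(key))          # decode the whole buffer at C speed
        for pat, mnemonic in PEB_PATTERNS.items():
            pos = view.find(pat)
            while pos != -1:
                after = view[pos + len(pat):pos + len(pat) + 16]
                hits.append((pos, key, mnemonic, any(l in after for l in LDR_LOADS)))
                pos = view.find(pat, pos + 1)
    return sorted(hits)


def peb_verdict(buf):
    """Severity for a report line: 'high' if a PEB fetch is followed by an Ldr
    load, 'medium' for a bare fetch, 'none' otherwise (thresholds are assumed)."""
    hits = find_peb_access(buf)
    if any(h[3] for h in hits):
        return "high"
    return "medium" if hits else "none"


def build_sample_slack(key=0x7C):
    """Constructed slack region: two-byte filler (a two-valued sequence can never
    match a pattern under any XOR key, so the hits are unambiguous), a masked
    API-resolver prologue at offset 2048, and a plaintext PEB read at offset 3084."""
    stub = (b"\x31\xC0"              # xor eax, eax
            b"\x64\x8B\x40\x30"      # mov eax, fs:[eax+0x30]   ; PEB
            b"\x8B\x40\x0C"          # mov eax, [eax+0x0C]      ; PEB->Ldr
            b"\x8B\x70\x14")         # mov esi, [eax+0x14]      ; Ldr->InMemoryOrderModuleList
    masked = stub.translate(_xor_table(key))
    plain = b"\x64\xA1\x30\x00\x00\x00"                 # mov eax, fs:[0x30], unmasked
    return b"\xCC\x90" * 1024 + masked + b"\xCC\x90" * 512 + plain + b"\xCC\x90" * 256


if __name__ == "__main__":
    for off, key, mnem, ldr in find_peb_access(build_sample_slack()):
        print(f"offset {off:#06x} key {key:#04x}: {mnem}{'  + Ldr load' if ldr else ''}")
    print("verdict:", peb_verdict(build_sample_slack()))
```

Brute-forcing 256 keys against four-byte patterns raises the false-positive rate on random data, which is why the follow-up Ldr check matters: a bare fetch in a large blob is worth a look, a fetch followed by the Ldr walk is shellcode until proven otherwise. Run it over the free sectors of a document rather than the whole file to keep legitimate stream content out of the scan.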

Heuristics (2)

  • PEB access via FS segment (x86) high SC_PEB_ACCESS
    Byte sequence consistent with a read of the PEB pointer through the x86 FS segment (fs:[0x30] in the TEB). Position-independent shellcode uses this to walk the loader's module list and resolve API addresses without an import table; in a document that should contain no native code at all it is a strong shellcode indicator.
  • OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY
    OLE file is 75,264 bytes but its declared streams total only 16,486 bytes: 58,778 bytes (78%) lie in sectors that no stream accounts for. A well-formed compound file loses only the header, FAT and directory sectors plus end-of-stream rounding to overhead, and a repeatedly edited file may carry some freed sectors, but not three quarters of its size. This is the classic hiding place for exploit-era Office payloads (as opposed to macro droppers): a malformed structure in the document triggers a parser pointer-corruption bug, and the XOR-encoded shellcode it transfers control to sits in the slack.
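The slack figure above is the difference between the file size and the bytes the directory declares; a more precise version of the same check walks the FAT and counts sectors that are marked free or that no chain reaches. The following is an added example of such a check, written for this page and not the scanner's own code. It assumes CFB version 3 (512-byte sectors) with at most 109 FAT sectors, so the DIFAT fits in the header, which holds for files under about 7 MB; the threshold, the helper names and the sample document it builds (a header, one stream, and forty unallocated sectors carrying a XOR-masked marker string in place of a payload) are constructed for the example.

```python
"""Added example, not the scanner's own code: a minimal OLE2/CFB parser that
reproduces the OLE_SLACK_ANOMALY check.  It reads only the header, the FAT and
the directory, then compares what the directory declares with what the FAT
allocates.  Assumes CFB v3 (512-byte sectors) and at most 109 FAT sectors
(DIFAT held in the header); the sample document it builds is constructed."""
import struct

MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
MAXREGSECT = 0xFFFFFFFA                     # largest ordinary sector number
FATSECT, ENDOFCHAIN, FREESECT, NOSTREAM = 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF
SECTOR = 512                                 # CFB v3 sector size (sector shift 9)


def _sector(data, n, ssz):
    """Sector n starts one sector past the header (the header is 'sector -1')."""
    return data[(n + 1) * ssz:(n + 2) * ssz]


def _chain(fat, start):
    """Follow a FAT chain; stop at any special marker, past the FAT, or on a cycle."""
    seen, cur = set(), start
    while cur <= MAXREGSECT and cur < len(fat) and cur not in seen:
        seen.add(cur)
        yield cur
        cur = fat[cur]


def analyze_ole(data, free_threshold=0.25):
    """Declared-vs-allocated accounting for one compound file.  free_threshold
    (an assumed value) is the fraction of the file allowed in FREESECT sectors."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE compound file")
    major, _, sector_shift = struct.unpack_from("<HHH", data, 26)
    ssz = 1 << sector_shift
    num_fat, first_dir = struct.unpack_from("<II", data, 44)
    cutoff, first_minifat = struct.unpack_from("<II", data, 56)
    difat = [s for s in struct.unpack_from("<109I", data, 76) if s <= MAXREGSECT]
    fat = []                                  # flattened FAT: fat[i] = sector after i
    for s in difat[:num_fat]:
        fat.extend(struct.unpack(f"<{ssz // 4}I", _sector(data, s, ssz)))
    # Every sector a well-formed reader touches: FAT, directory, mini-FAT, stream chains.
    reachable = set(difat[:num_fat]) | set(_chain(fat, first_dir)) | set(_chain(fat, first_minifat))
    streams, declared = [], 0
    for s in _chain(fat, first_dir):
        sec = _sector(data, s, ssz)
        for off in range(0, len(sec) - 127, 128):     # 128-byte directory entries
            name_len, etype = struct.unpack_from("<HB", sec, off + 64)
            if etype not in (2, 5):                    # 2 = stream, 5 = root entry
                continue
            name = sec[off:off + max(name_len - 2, 0)].decode("utf-16-le", "replace")
            start, size = struct.unpack_from("<IQ", sec, off + 116)
            if major == 3:
                size &= 0xFFFFFFFF                     # v3 keeps a 32-bit size; high dword is junk
            # Streams below the cutoff live in the root's mini stream, so their
            # 'start' is a mini-sector index, not a FAT sector: chase only real chains.
            if etype == 5 or size >= cutoff:
                reachable |= set(_chain(fat, start))
            if etype == 2:
                declared += size
                streams.append((name, size))
    total_sectors, tail = divmod(len(data) - ssz, ssz)
    free, orphan = [], []
    for i in range(total_sectors):
        if i >= len(fat) or fat[i] == FREESECT:
            free.append(i)                             # unallocated: nothing points here
        elif i not in reachable:
            orphan.append(i)                           # allocated, but on no chain
    free_bytes = len(free) * ssz + tail
    return {
        "file_size": len(data),
        "streams": streams,
        "declared_stream_bytes": declared,
        "unaccounted_bytes": len(data) - declared,     # the report's headline figure
        "free_sectors": free,
        "free_sector_bytes": free_bytes,
        "orphan_sectors": orphan,
        "free_fraction": free_bytes / len(data),
        "anomalous": free_bytes / len(data) > free_threshold,
    }


def _dir_entry(name, etype, start, size, child=NOSTREAM):
    """One 128-byte directory entry; sibling links left as NOSTREAM."""
    e = bytearray(128)
    wname = name.encode("utf-16-le") + b"\x00\x00"
    e[:len(wname)] = wname
    struct.pack_into("<HBBIII", e, 64, len(wname), etype, 1, NOSTREAM, NOSTREAM, child)
    struct.pack_into("<IQ", e, 116, start, size)
    return bytes(e)


def build_sample_doc(stream_size=5000, slack_sectors=40):
    """Constructed sample: header, one FAT sector, one directory sector, one
    stream in regular sectors, then slack_sectors of FREESECT space holding a
    XOR-masked marker string (stands in for a hidden payload, is not one)."""
    n_stream = -(-stream_size // SECTOR)
    fat = [FREESECT] * (SECTOR // 4)
    fat[0], fat[1] = FATSECT, ENDOFCHAIN          # sector 0 is the FAT, sector 1 the directory
    first = 2
    for i in range(n_stream):                    # chain the stream through sectors 2..
        fat[first + i] = first + i + 1
    fat[first + n_stream - 1] = ENDOFCHAIN
    hdr = bytearray(SECTOR)
    hdr[:8] = MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)   # minor, major=3, byte order, shifts
    # dir-sector count, FAT sectors, first dir sector, txn sig, mini cutoff,
    # first mini-FAT, mini-FAT count, first DIFAT, DIFAT count
    struct.pack_into("<9I", hdr, 40, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))   # DIFAT: FAT is in sector 0
    directory = (_dir_entry("Root Entry", 5, ENDOFCHAIN, 0, child=1)
                 + _dir_entry("WordDocument", 2, first, stream_size) + bytes(256))
    body = (b"constructed body text " * 300)[:stream_size]
    body += bytes(n_stream * SECTOR - stream_size)          # pad to a sector boundary
    slack = bytes(b ^ 0x5A for b in (b"FAKE-PAYLOAD" * 64)[:SECTOR]) * slack_sectors
    return bytes(hdr) + struct.pack(f"<{SECTOR // 4}I", *fat) + directory + body + slack


if __name__ == "__main__":
    for label, doc in (("padded", build_sample_doc()), ("clean", build_sample_doc(slack_sectors=0))):
        r = analyze_ole(doc)
        print(f"{label}: {r['file_size']} B, declared {r['declared_stream_bytes']} B, "
              f"free {r['free_sector_bytes']} B ({r['free_fraction']:.0%}), anomalous={r['anomalous']}")
```

Two things the output makes visible. First, the naive "file size minus declared streams" figure overstates slack on small files, because it counts the header, FAT, directory and per-stream rounding as unaccounted; the clean sample shows about a quarter of the file "missing" by that measure while the FAT reports zero free sectors. Second, orphan sectors (allocated in the FAT but on no chain) are a distinct signal from free sectors, and both regions are where a payload scan should be pointed.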