Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 647cc2f364adea5b…

MALICIOUS

Office (OLE) / .PPT

Size: 43.0 KB
Created: 1601-01-01 00:00:00
Authoring application: Microsoft PowerPoint
MD5: 7d12b05f7c3266d3e135285e3ce2b398
SHA-1: 5dd54e7007edad16f937a00525077f3104b9bfdf
SHA-256: 647cc2f364adea5bc1bf2792b26053ee95cad88678c1554d7987c78ada462882
Risk Score: 80

Malware Insights

The sample is a PowerPoint file that triggers a critical-severity heuristic for XOR-encoded strings, suggesting obfuscated malicious content. The presence of a NOP-equivalent sled further indicates potential shellcode or exploit execution. Although no document body or script content is available for direct analysis, the heuristics strongly imply an attempt to hide malicious functionality, likely involving code execution or data exfiltration.

Heuristics (2)

  • XOR-encoded strings (key 0x6D) [severity: critical, rule: SC_XOR_ENCODED]
    Found 4 Windows library/API name(s) XOR-encoded with single-byte key 0x6D: 'LoadLibraryA', 'CreateProcessA', 'ExitProcess', 'CreateFileA'
  • NOP-equivalent sled detected [severity: medium, rule: SC_NOP_EQUIV_SLED]
    Long run of 0x61 bytes