Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 67d5991c4e96f7c5…

MALICIOUS

Office (OLE) / .DOC

Size: 25.5 KB
Created: 2007-04-08 15:50:00
Authoring application: Microsoft Office Word
MD5: f88c19317075794c8bdac5188210db17
SHA-1: 11b73ffd86b8deb1da1bee2fa60da42f3a04637f
SHA-256: 67d5991c4e96f7c54f632110f51d28a1bf20a55e63e376404d08552442c2ca33
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is detected as a malicious dropper by ClamAV. The document body contains the text 'Buffer overflow', suggesting an attempt to exploit such a vulnerability for code execution. While a URL was extracted, it was confirmed as benign and is likely part of the document's legitimate structure.

Heuristics (2)

  • ClamAV: Doc.Dropper.Agent-6416444-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Dropper.Agent-6416444-0
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main