Malicious Office (OLE) / .PPS — malware analysis report

Static analysis result for SHA-256 692f152bca95f70a…

MALICIOUS

Office (OLE) / .PPS

618.5 KB Created: 1601-01-01 00:00:00 Authoring application: Microsoft PowerPoint
MD5: 7086e0edd1347f9b8d09da774ed4a87e SHA-1: 343b099cf0eed753b7caeb9b78dc85d0ac8ba280 SHA-256: 692f152bca95f70a3f2d866e514f9581e7c73aa9d582d5184bd22beebda283f9
200 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is a PowerPoint slideshow (PPS) that contains references to Windows API functions commonly used in exploits, such as CreateRemoteThread, LoadLibrary, and GetProcAddress. This suggests the file attempts to exploit a vulnerability to execute arbitrary code, likely downloading and running a secondary payload. The ClamAV detection 'Win.Trojan.Exploit-110' further supports this assessment.

Heuristics 4

  • Reference to CreateRemoteThread API critical SC_STR_CREATEREMOTETHREAD
    Reference to CreateRemoteThread API
  • ClamAV: Win.Trojan.Exploit-110 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Exploit-110
  • Reference to LoadLibrary API high SC_STR_LOADLIBRARY
    Reference to LoadLibrary API
  • Reference to GetProcAddress API high SC_STR_GETPROCADDRESS
    Reference to GetProcAddress API

Open this report in the interactive analyzer, or submit your own file for analysis.