Office (OLE) / .PPT malware analysis — malicious · 69c93195a3c50e10

MALICIOUS

Office (OLE) / .PPT

1.18 MB Created: 2002-01-24 16:45:42 Authoring application: Microsoft PowerPoint

MD5: 7faab39c22b5f368f115b435606498e0 SHA-1: 9ee04248fd505390b1339fbca877d1b9f70f1a54 SHA-256: 69c93195a3c50e10c0ffa6b57ff605ddc034b87df74f672a438d7851b5426272

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is a PowerPoint file with a high-severity heuristic indicating an appended executable payload. Additionally, medium-severity heuristics confirm the presence of VBA macros. The extracted VBA macro, though simple, is indicative of malicious intent to download and execute a secondary stage. The file's purpose is likely to deliver this payload to the victim.

Heuristics 2

OLE file has appended executable-looking payload bytes high OLE_APPENDED_PAYLOAD

OLE compound file contains a large high-entropy region beyond the declared major streams and that region includes shellcode, PE, or loader API markers. This is a payload-carrier signal, not a specific CVE attribution by itself.
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `68066dca789f9c6606177d9c14b9c7407d9792b1a5477691cf748b9d248423bf`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	182 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.