Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 6d8a0ee5116ad07a…

MALICIOUS

Office (OLE) / .DOC

Size: 37.7 KB
First seen: 2023-04-28
MD5: 17aafbabc0d52377c9156c65175fc5aa
SHA-1: 4565e87e1bbba0557143184e6fbb6c32a9ea5593
SHA-256: 6d8a0ee5116ad07a08bb35cf1b2e7065e4ca0be971bbd63415e82439dff1003e
Risk score: 80

Malware Insights

MITRE ATT&CK
T1027 Obfuscated Files or Information (file-level encryption and malformed CFB structures, see below)
Not supported by this result: T1564.003 (Hide Artifacts: Hidden Window), which is a runtime behaviour that a static container check cannot observe.

The document is password-encrypted: the OLE container carries an MS-OFFCRYPTO EncryptionInfo/EncryptedPackage pair instead of readable document streams. The container itself is also malformed: its sector allocation table (the CFB FAT) is corrupt, and at least one FAT chain loops back on itself instead of ending in ENDOFCHAIN. A looping chain is invalid under the MS-CFB specification and will hang or crash any parser that follows chains without tracking visited sectors, while the encryption hides the document body from static extraction. Taken together, these traits are consistent with an attempt to frustrate static analysis and detection. Two caveats apply to the verdict: the score rests on container structure alone, because no macro, embedded object or payload could be extracted from the encrypted package without its password; and because Standard Encryption wraps an ECMA-376 (OOXML) package, the decrypted content will be an OOXML document despite the .DOC label. If the password is available (in phishing campaigns it is typically given in the lure message), decrypt the package and re-run static analysis on the inner document.

Heuristics (2)

  • [critical] OLE_ENCRYPTED_AND_MALFORMED: encrypted Office package with CFB FAT corruption
    The encrypted-package shape co-occurs with FAT-chain corruption, a documented combined evasion form. The combination, not either trait on its own, is what rates critical.
  • [medium] OFFICE_ENCRYPTED_PACKAGE: Office document is password-encrypted
    The OLE container holds an MS-OFFCRYPTO encrypted package using Standard Encryption (Office 2007, AES); the scheme is identified by the version word at the start of the EncryptionInfo stream (minor version 2 for Standard Encryption). Password protection is common in legitimate documents and is not malicious on its own, which is why this heuristic rates only medium; it also means the package body was not inspected.
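To make the two heuristics concrete, here is an added worked example; it is not the analysis platform's own code (which this page does not publish) but a minimal CFB walker written for this report. It parses the header, FAT and directory, follows each stream's sector chain with a visited set so that a FAT chain loop becomes a finding rather than a hang, and reads the EncryptionInfo version word to name the MS-OFFCRYPTO scheme. It runs on a constructed container, built inline, that reproduces this sample's shape: EncryptionInfo plus EncryptedPackage streams and a looping chain. Assumptions: v3 files with 512-byte sectors, FAT sectors listed in the header DIFAT, and streams at or above the mini-stream cutoff (mini-stream chains are not walked). The heuristic IDs are the page's; the function names and the sample are mine.

```python
import struct
from collections import namedtuple

SECTOR, MAGIC = 512, b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
DIFSECT, FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFC, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF
NOSTREAM = 0xFFFFFFFF                                      # "no sibling/child" in directory entries
DirEntry = namedtuple("DirEntry", "name otype start size")  # otype: 1 storage, 2 stream, 5 root

def sector(data, n):
    blk = data[(n + 1) * SECTOR:(n + 2) * SECTOR]   # sector 0 follows the 512-byte header
    if len(blk) != SECTOR:
        raise ValueError(f"sector {n} lies beyond the end of the file")
    return blk

def walk_chain(fat, start, max_sectors, nsectors):
    """Follow a FAT chain; the visited set turns a loop into a finding, not a hang."""
    chain, seen, s = [], set(), start
    while s != ENDOFCHAIN:
        if s in seen:
            return chain, f"FAT chain loop: sector {s} revisited"
        if s >= DIFSECT or s >= len(fat) or s >= nsectors:
            return chain, f"chain points at a reserved value or outside the file ({s:#x})"
        if len(chain) >= max_sectors:
            return chain, "chain longer than the declared stream size"
        seen.add(s)
        chain.append(s)
        s = fat[s]
    return chain, None

def read_directory(data, fat, nsectors):
    chain, err = walk_chain(fat, struct.unpack_from("<I", data, 0x30)[0], len(fat), nsectors)
    entries = []
    for s in chain:                  # linear scan, not the red-black tree, so corrupt
        blk = sector(data, s)        # sibling links cannot hide an entry from the scan
        for off in range(0, SECTOR, 128):
            e = blk[off:off + 128]
            nlen, otype = struct.unpack_from("<HB", e, 0x40)
            if otype:
                name = e[:max(nlen - 2, 0)].decode("utf-16-le", "replace")
                entries.append(DirEntry(name, otype, *struct.unpack_from("<IQ", e, 0x74)))
    return entries, err

def classify_scheme(major, minor):
    """EncryptionInfo version word -> MS-OFFCRYPTO scheme name."""
    if (major, minor) == (4, 4):
        return "Agile Encryption (Office 2010+)"
    return "Standard Encryption (Office 2007, AES)" if minor == 2 else f"unknown ({major}.{minor})"

def analyse(data):
    if data[:8] != MAGIC or struct.unpack_from("<H", data, 0x1E)[0] != 9:
        raise ValueError("not a v3 CFB container (512-byte sectors)")
    nsectors = (len(data) - SECTOR) // SECTOR
    nfat, _, _, cutoff = struct.unpack_from("<4I", data, 0x2C)   # FAT sector count, mini cutoff
    fat = []
    for s in struct.unpack_from("<109I", data, 0x4C)[:nfat]:     # header DIFAT only (assumption)
        fat.extend(struct.unpack("<128I", sector(data, s)))
    entries, dir_err = read_directory(data, fat, nsectors)
    chain_errors = [("<directory>", dir_err)] if dir_err else []
    scheme = None
    for e in entries:
        if e.otype != 2 or e.size < cutoff:     # mini-stream chains are not walked here
            continue
        chain, err = walk_chain(fat, e.start, -(-e.size // SECTOR), nsectors)
        if err:
            chain_errors.append((e.name, err))
        if e.name == "EncryptionInfo" and chain:
            scheme = classify_scheme(*struct.unpack_from("<HH", sector(data, chain[0])))
    encrypted = {"EncryptionInfo", "EncryptedPackage"} <= {e.name for e in entries}
    heuristics = ["OFFICE_ENCRYPTED_PACKAGE"] if encrypted else []        # medium
    if encrypted and chain_errors:
        heuristics.append("OLE_ENCRYPTED_AND_MALFORMED")                 # critical
    return dict(encrypted=encrypted, scheme=scheme, chain_errors=chain_errors, heuristics=heuristics)

def _dir_entry(name, otype, left, right, child, start, size):
    e, raw = bytearray(128), name.encode("utf-16-le")
    e[:len(raw)] = raw
    struct.pack_into("<HBB", e, 0x40, len(raw) + 2, otype, 1)   # name length incl. terminator
    struct.pack_into("<III", e, 0x44, left, right, child)
    struct.pack_into("<IQ", e, 0x74, start, size)
    return bytes(e)

def build_sample(loop=True):
    """Constructed CFB (not the real sample): sector 0 FAT, 1 directory, 2-9 EncryptionInfo,
    10-25 EncryptedPackage. loop=True points the package chain's last sector back at its first."""
    fat = [FREESECT] * 128
    fat[0], fat[1] = FATSECT, ENDOFCHAIN
    for s in range(2, 25):
        fat[s] = s + 1
    fat[9], fat[25] = ENDOFCHAIN, (10 if loop else ENDOFCHAIN)
    hdr = bytearray(SECTOR)
    hdr[:8] = MAGIC
    struct.pack_into("<HHHHH", hdr, 0x18, 0x3E, 3, 0xFFFE, 9, 6)     # v3, 512/64-byte sectors
    struct.pack_into("<9I", hdr, 0x28, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    struct.pack_into("<109I", hdr, 0x4C, 0, *([FREESECT] * 108))     # DIFAT: FAT is sector 0
    directory = (_dir_entry("Root Entry", 5, NOSTREAM, NOSTREAM, 1, ENDOFCHAIN, 0)
                 + _dir_entry("EncryptionInfo", 2, NOSTREAM, 2, NOSTREAM, 2, 4096)
                 + _dir_entry("EncryptedPackage", 2, NOSTREAM, NOSTREAM, NOSTREAM, 10, 8192))
    info = struct.pack("<HHI", 3, 2, 0x24).ljust(4096, b"\0")   # version 3.2 = Standard, AES flag
    package = struct.pack("<Q", 8000).ljust(8192, b"\xAA")      # opaque ciphertext stand-in
    return bytes(hdr) + struct.pack("<128I", *fat) + directory.ljust(SECTOR, b"\0") + info + package
```

Run it on a real file with `analyse(open(path, "rb").read())`. Two points worth noticing: the visited set in `walk_chain` is the entire defence against the loop, and a walker without it never returns; and the clean and looped samples differ in exactly one FAT entry, so a four-byte change to an otherwise ordinary encrypted document is what moves it from the medium heuristic to the critical one.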