Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 7070cf67d784bbff…

MALICIOUS

Office (OLE)

164.0 KB Created: 2005-07-01 10:36:00 Authoring application: Microsoft Word 9.0 First seen: 2017-06-27
MD5: 8869dd9f6112fe8cd47bfe6c816998dd SHA-1: 974376fcb56727e04562a4fd8f12166a76168673 SHA-256: 7070cf67d784bbff69273f98036b9c8347a64b5023230b9a373a1687676832f6
82 Risk Score

Malware Insights

The file contains references to LoadLibrary and GetProcAddress APIs, common in shellcode execution. The document body discusses shellcode and buffer overflows, suggesting a technical lure. While no scripts were extracted, the presence of embedded URLs and the nature of the document content indicate a potential for malicious activity, possibly related to exploiting security vulnerabilities or distributing further payloads.

Heuristics 3

  • Reference to LoadLibrary API high SC_STR_LOADLIBRARY
    Reference to LoadLibrary API
  • Reference to GetProcAddress API high SC_STR_GETPROCADDRESS
    Reference to GetProcAddress API
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.lsd-pl.net/documents/winasm-1.0.1.pdf In document text (OLE body)
    • http://www.dopesquad.net/security/defcon-2000.pdfIn document text (OLE body)
    • http://teso.scene.at/articles/mipsshellcode/mipsshellcode.pdfIn document text (OLE body)
    • http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-usa-01/LSD/bh-usa-01-lsd.pdfIn document text (OLE body)
    • http://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-chong.pdfIn document text (OLE body)

Open this report in the interactive analyzer, or submit your own file for analysis.