Office (OOXML) malware analysis — malicious · 70b8d220469c8071

MALICIOUS

Office (OOXML)

106.4 KB Created: 2014-08-06 07:56:10 UTC Authoring application: Microsoft Office PowerPoint 12.0000 First seen: 2014-11-24

MD5: 330e8d23ab82e8a0ca6d166755408eb1 SHA-1: 22fbbcfa5646497e57ee238a180d1b367789984a SHA-256: 70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf

140 Risk Score

Heuristics 2

ClamAV: Doc.Dropper.Agent-6531823-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Dropper.Agent-6531823-0
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin`	ooxml-ole-object	OOXML embedded OLE part: ppt/embeddings/oleObject2.bin	2560 bytes
SHA-256: `d0a821b9f65bb8fcdd1e00e80402cefbdeba391c5ca010240bedeb62175c8059`
Detection ClamAV: Doc.Dropper.Agent-6327441-0 Obfuscation or payload: unlikely
`ooxml_oleobject_00_ole10native_00.bin`	ole-package	OOXML ppt/embeddings/oleObject2.bin Ole10Native stream: OLE10Native	55 bytes
SHA-256: `6e2b033df799903b9bb64c134aa3d9f82b2de71e0f19d758c005b5f07e5e5406`
`ooxml_oleobject_01.bin`	ooxml-ole-object	OOXML embedded OLE part: ppt/embeddings/oleObject1.bin	2560 bytes
SHA-256: `71b4bd5f19d55f1c5d8b989cadf2c4eeafc014841bdd08480df2a8d818f9c857`
Detection ClamAV: Doc.Dropper.Agent-6531823-0 Obfuscation or payload: unlikely
`ooxml_oleobject_01_ole10native_00.bin`	ole-package	OOXML ppt/embeddings/oleObject1.bin Ole10Native stream: OLE10Native	55 bytes
SHA-256: `b4015e17d566c172615d746ea5b5963c2f7017e600ae60d804a8b97d6b1b7d6d`

Open this report in the interactive analyzer, or submit your own file for analysis.