Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 710bd83366308a55…

MALICIOUS

Office (OLE) / .PPT

Size: 685.5 KB
Created: 2002-08-22 17:01:28
Authoring application: Microsoft PowerPoint
MD5: 2ff9280fb464239cd339dc48099e3a44
SHA-1: 4a79d0d48d8cec18e33198e69013019a08d26cb2
SHA-256: 710bd83366308a55dd935bf80aad21bc6c33ce24fa23a203410c31e4a83d3e03
Risk Score: 220

Malware Insights

MITRE ATT&CK

  • T1204.002 Malicious File
  • T1059 Command and Scripting Interpreter

The file is identified as malicious by ClamAV under the signature Win.Trojan.Agent-40906. String heuristics flag references to the Windows API functions CreateProcess, LoadLibrary and GetProcAddress, together with a cmd.exe invocation carrying an execution flag; this combination is commonly used by malware to run arbitrary commands or load attacker-supplied libraries at runtime. The document body contains social-engineering text, but the malicious verdict rests on the embedded API references rather than on the visible content.

Heuristics (5)

  • ClamAV: Win.Trojan.Agent-40906 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Win.Trojan.Agent-40906
  • Reference to CreateProcess API (high, SC_STR_CREATEPROCESS)
  • Suspicious cmd.exe invocation with execution flag (high, SC_STR_CMD)
  • Reference to LoadLibrary API (high, SC_STR_LOADLIBRARY)
  • Reference to GetProcAddress API (high, SC_STR_GETPROCADDRESS)