Office (OLE) malware analysis — malicious · 75327f4752b37b5b

MALICIOUS

Office (OLE)

64.9 KB Created: 2006-01-25 08:30:00 Authoring application: Microsoft Office Word

MD5: 9e122ec7edc487b9681611890d6095bd SHA-1: b92d8e3ec85c1f6e57c14a28871acebdd7218313 SHA-256: 75327f4752b37b5bc4ee85e85741339c4674266d254ad8f7092359229c606c33

82 Risk Score

Malware Insights

The sample is an OLE document that contains a high-severity heuristic firing for the CreateProcess API, indicating an attempt to launch an external process. The document also exhibits an OLE slack anomaly, suggesting potential obfuscation or embedded malicious content. No document body or scripts were extracted to provide further context on the payload or delivery mechanism.

Heuristics 3

Reference to CreateProcess API high SC_STR_CREATEPROCESS

Reference to CreateProcess API
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 66,464 bytes but its declared streams total only 21,151 bytes — 45,313 bytes (68%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.openxmlformats.org/drawingml/2006/main

Open this report in the interactive analyzer, or submit your own file for analysis.