Office (OLE) / .DOC malware analysis — malicious · 7541bc13e5a0a316

MALICIOUS

Office (OLE) / .DOC

52.0 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: 878fd55c6edfb2a58bb524fb6b88013d SHA-1: a8bb1f75a6509a8acc020f6b95af8c6b7f5910c4 SHA-256: 7541bc13e5a0a3162a6f7561fa3aec7fe87004dbf987c7f5e1dc111ab3eeb4b1

80 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution

The sample exhibits high heuristic alerts for PEB access and a large slack space anomaly, indicative of potential exploit activity. The document body contains obfuscated strings and API calls such as 'CreateFileW', 'WriteFile', and 'WinExec', suggesting an attempt to download and execute a second-stage payload. The lack of clear document content or scripts makes precise family attribution difficult.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 53,207 bytes but its declared streams total only 16,486 bytes — 36,721 bytes (69%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.