Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 76bf67847405dea5…

MALICIOUS

Office (OLE) / .PPT

Size: 616.5 KB
Created: 1601-01-01 00:00:00
Authoring application: Microsoft PowerPoint
MD5: 359a90b125a093aeecb985b114b26af8
SHA-1: 0137bd8c77e3bb4b865a65f573bf74a6c5644db2
SHA-256: 76bf67847405dea5139cd10343dc1112ab18c4ccced8c3e6819f14522d2dc548
Risk Score: 140

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is identified as malicious by ClamAV with the signature Win.Trojan.Exploit-110. Static analysis reveals references to LoadLibrary and GetProcAddress APIs, indicating the potential for dynamic code loading and execution. These findings suggest the file is designed to exploit a client vulnerability to achieve code execution, likely as a precursor to downloading additional malicious content.

Heuristics (3)

  • ClamAV: Win.Trojan.Exploit-110 [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Exploit-110
  • Reference to LoadLibrary API [severity: high, rule: SC_STR_LOADLIBRARY]
  • Reference to GetProcAddress API [severity: high, rule: SC_STR_GETPROCADDRESS]