Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 7fb24d2e45c10e51…

MALICIOUS

Office (OLE) / .DOC

Size: 74.0 KB
First seen: 2026-05-10
MD5: 1dfde34900a6baa9ff7350e263dd244d
SHA-1: 76f4b3c6498be70a8a186b3f109c5fe2e4b18e84
SHA-256: 7fb24d2e45c10e51f4de533775306afe3812c45ec9f8bd460eccc9404ba6f701
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a Microsoft Word document that exploits CVE-2006-2492, a vulnerability that allows arbitrary code execution when the document is opened. No further details on the payload or family could be determined from the available evidence.

Heuristics (1)

  • CVE-2006-2492 — Microsoft Word malformed object pointer exploit [critical] [CVE] [likely] [CVE_2006_2492]
    Word OLE document has the CVE-2006-2492-era exploit shape: malformed compound-file object pointers and an impossible WordDocument stream size drive parser divergence, while unreferenced sectors contain rotate-decoded Win32 shellcode that removes Word Resiliency/StartupItems registry keys.