Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 81ecf0bbd62ef860…

MALICIOUS

Office (OLE) / .DOC

Size: 64.5 KB
Created: 2025-07-13 04:05:00
Authoring application: WPS Office_11.1.0.11723_F1E327BC-269C-435d-A152-05C5408002CA
First seen: 2026-04-04
MD5: 125e0fe72019e1a8c44ad73a598ba95f
SHA-1: dd67fe17cf0b0448c432083bb3b0a456b546e95d
SHA-256: 81ecf0bbd62ef8602803b02d767cf2915875da82d156de57589733b58b36ad63
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.001 Spearphishing Attachment

The sample is a malicious OLE document that exploits CVE-2026-21509 to bypass Protected View. The document body is a tender notice, which is a common lure for phishing attacks. The exploit allows the document to execute arbitrary code, likely to download further malicious payloads or steal sensitive information.

Heuristics 1

  • OLE/COM security bypass — CVE-2026-21509 (Killbit/Protected View bypass) [critical] [CVE related] [CVE_2026_21509]