Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8289449729cfed67…

MALICIOUS

Office (OLE)

Size: 160.0 KB | Created: 2007-09-18 04:34:00 | Authoring application: Microsoft Word 11
MD5: 54304c8eed3139ac15503f9319e16389
SHA-1: 26998d114cfd482f457fd50ab0064f39b3a7fc72
SHA-256: 8289449729cfed674fa6eee2e6935dc5458d5b2efc2bc06c24ca9e018d0613ab
Risk score: 80

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The sample is a malicious OLE document with a large slack space anomaly, indicating potential obfuscation or embedded malicious content. The PEB access heuristic suggests an attempt to interact with the process environment, likely to facilitate exploitation or payload execution. While no specific VBA or script content was provided, the heuristics and the nature of OLE documents strongly suggest an exploit attempt to download and run a secondary payload.

Heuristics (2)

  • PEB access via FS segment (x86) [severity: high, id: SC_PEB_ACCESS]
    Code in the sample reads the Process Environment Block through the FS segment register, a pattern typical of position-independent shellcode locating loaded modules.
  • OLE document has large unaccounted-for region [severity: high, id: OLE_SLACK_ANOMALY]
    OLE file is 163,840 bytes but its declared streams total only 16,486 bytes; 147,354 bytes (90%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).