Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 88404d9cc6bc6b65…

MALICIOUS

Office (OLE)

Size: 154.0 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: fd6d8efdf49e67e1d3d58d9144c6fb2f
SHA-1: 91244ad497f312b73b26a4f1d588d1e58d678014
SHA-256: 88404d9cc6bc6b653d59dd6682227fed055ad07a5300be24e2101a6ab9bfd8e8
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a Microsoft Word document that triggers a critical heuristic for CVE-2006-6456, indicating exploitation of a malformed table SPRM vulnerability. This vulnerability allows for arbitrary code execution within the context of the application. No document body or scripts were extracted, but the heuristic strongly suggests an exploit targeting this specific CVE.

Heuristics (1)

  • CVE-2006-6456 — Microsoft Word malformed table SPRM [critical] [CVE] [exact] [CVE_2006_6456]
    WordDocument contains a malformed table border-color SPRM in the CVE-2006-6456 shape: a valid table-SPRM cluster is followed by an invalid high-byte 0xFF SPRM where Word expects a normal sprmTBrc*Cv record. Vulnerable Word 2000/2002/2003 parsers corrupt memory while handling this malformed data structure.