Malicious Office (OLE) / .1 — malware analysis report

Static analysis result for SHA-256 8b14f5065963340a…

MALICIOUS

Office (OLE) / .1

Size: 149.8 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: 0cb4b39533adda318b0543cad37e1c29
SHA-1: fefe753defbb5593e9b994e5717dd5dea4fd3b3a
SHA-256: 8b14f5065963340af52cae08451cb926e168e66ffe351accf1e51a6feb8bc496
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1059.003 Windows Command Shell
  • T1204.002 Malicious File

The sample contains references to the CreateProcess and ShellExecute APIs, indicating an attempt to execute external processes. The presence of a NOP-equivalent sled further suggests code injection or obfuscation techniques. Without a document body or script content, the exact payload and delivery mechanism remain unclear, leading to a lower confidence in family attribution.

Heuristics (3)

  • Reference to CreateProcess API (severity: high, rule: SC_STR_CREATEPROCESS)
  • Reference to ShellExecute API (severity: high, rule: SC_STR_SHELLEXEC)
  • NOP-equivalent sled detected (severity: medium, rule: SC_NOP_EQUIV_SLED)
    Long run of 0x41 bytes