Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 8cb418018643348b…

MALICIOUS

Office (OLE) / .PPT

Size: 85.0 KB
Created: 2006-12-21 02:43:36
Authoring application: Microsoft Office PowerPoint
MD5: 2e5d660bfa084aff3f742670a4f7b323
SHA-1: bc53387831376c247757bf3b7c800ec73bc36163
SHA-256: 8cb418018643348b4f74a1159fde29c164271b6a72cbd5d31f06a8cb8c0ff15c
Risk score: 100

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The file is a PowerPoint document containing an embedded PE executable. The presence of a WinExec API reference together with the embedded executable strongly suggests that the file is designed to run a second-stage payload when opened. The document body contains Chinese New Year greetings, which are likely a lure used to disguise the malicious payload.

Heuristics (2)

  • Embedded PE executable (severity: critical, rule: OLE_EMBEDDED_EXE)
    MZ/PE header found inside document; possible embedded executable
  • Reference to WinExec API (severity: high, rule: SC_STR_WINEXEC)
    Reference to the WinExec API found in the document's byte stream

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: embedded_office_00003883.exe
    SHA-256: dd9f656492182963150e55f797468edbdeeacef9b6d2643ee779192bfc93b7df
    Kind: embedded-pe
    Source: Office MZ+PE at offset 0x3883
    Size: 72573 bytes