MALICIOUS
100
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
The file is a Microsoft Office document with a significant amount of slack space, indicating potential obfuscation or embedded malicious content. A critical heuristic identified an embedded Adobe Flash (SWF) object, which is commonly used to deliver exploits. This suggests the document's primary purpose is to leverage vulnerabilities within the Flash Player to execute arbitrary code on the victim's system.
Heuristics 2
-
Embedded Adobe Flash (SWF) in OLE document critical OFFICE_EMBEDDED_SWFDocument contains an embedded Adobe Flash (SWF) object. Vulnerabilities such as CVE-2018-4878 and CVE-2018-15982 involved Flash objects embedded in Office files. Adobe Flash has been end-of-life since December 2020.
-
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALYOLE file is 134,160 bytes but its declared streams total only 22,169 bytes — 111,991 bytes (83%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
Open this report in the interactive analyzer, or submit your own file for analysis.