Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 8e53683133e7e1dd…

Verdict: MALICIOUS

File type: Office (OLE) / .DOC

Size: 321.5 KB
Created: 2026-02-12 06:17:00
Authoring application: WPS Office_12.2.0.23196_F1E327BC-269C-435d-A152-05C5408002CA
First seen: 2026-03-11

MD5: 90c59e9620a8da4e56a7f61fd188d908
SHA-1: 3f4852ef07988b870b68e16c802b6e2b256e0b72
SHA-256: 8e53683133e7e1ddd1d8728b6ba8b9b80ec40f6772422c8adc8002bafe553f7b

Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1559.001 Component Object Model Hijacking

The file is a malicious OLE document that exploits CVE-2026-21509 to bypass Protected View. The document body masquerades as procurement instructions for a surveillance system, aiming to trick the user into opening it. The exploitation of a known vulnerability suggests an attempt to deliver a secondary payload, though no specific details were extracted.

Heuristics (1)

  • OLE/COM security bypass — CVE-2026-21509 (Killbit/Protected View bypass). Severity: critical. Tags: CVE related, CVE_2026_21509