MALICIOUS
Risk Score: 102
Heuristics: 4
-
Heap-spray pattern detected (high, SC_HEAP_SPRAY): Repeated 0x04 bytes found
-
OLE file has appended executable-looking payload bytes (high, OLE_APPENDED_PAYLOAD): OLE compound file contains a large high-entropy region beyond the declared major streams and that region includes shellcode, PE, or loader API markers. This is a payload-carrier signal, not a specific CVE attribution by itself.
-
NOP-equivalent sled detected (medium, SC_NOP_EQUIV_SLED): Long run of 0x40 bytes
-
Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- http://www.apple.com/DTDs/PropertyList-1.0.dtd (in document text, OLE body)
- http://ns.adobe.com/xap/1.0/ (in document text, OLE body)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in document text, OLE body)
- http://ns.adobe.com/iX/1.0/ (in document text, OLE body)
- http://ns.adobe.com/xap/1.0/mm/ (in document text, OLE body)