Office (OLE) / .DOC malware analysis — malicious · 93a07b1462e628a3

MALICIOUS

Office (OLE) / .DOC

209.5 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: fa78d0255ce6862976eefb8147484221 SHA-1: 8b8b0e35ded150c4ef57b7a6bf0bc980af4b43f5 SHA-256: 93a07b1462e628a3b3dd56bee54a2fed70d29d6e28e94d02d04a182335dda1fa

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file is an OLE document with significant slack space, a common technique for hiding malicious code. The 'SC_PEB_ACCESS' heuristic indicates potential process manipulation. While no specific scripts were extracted, the presence of embedded URLs and the overall structure suggest a malicious container likely used for delivering further payloads.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 214,528 bytes but its declared streams total only 16,486 bytes — 198,042 bytes (92%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.