Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 9693f6b7b1237460…

MALICIOUS

Office (OLE) / .PPT

Size: 921.5 KB
Created: 2008-01-27 01:25:33
Authoring application: Microsoft PowerPoint
MD5: bc21e919d88f2f10cf96a44d19752e3a
SHA-1: f372b4e2056b4fc2e839efeeba31a62e6f113e04
SHA-256: 9693f6b7b1237460936a3206ffb669b3c4817e030f6ce6e7858316fbfca3c6f3
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Ppt.Exploit.Apptom-10029459-0, indicating it is a PowerPoint exploit. olevba failed to extract macros, suggesting potential encryption or a malformed OLE structure, but the format-agnostic scans still ran and confirmed the file as malicious. The document body contains garbled text, which is common in exploited files.

Heuristics (2)

  • [critical] ClamAV: Ppt.Exploit.Apptom-10029459-0 (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Ppt.Exploit.Apptom-10029459-0
  • [info] Unsupported Office format for VBA extraction (OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (error); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.