Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 991cb8f45ed44cc8…

MALICIOUS

Office (OLE)

184.0 KB Created: 2010-05-03 12:07:00 Authoring application: Microsoft Word 10.0
MD5: 35d59bbcc75b2a00943fb21ad0236e93 SHA-1: 55d9596e735a1c3e47b66f47341c631401fb01af SHA-256: 991cb8f45ed44cc89aab1970e7cfdcfc24f294595a54b5235ccad98ddd803a6b
100 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: User Execution T1059.001 PowerShell T1105 Ingress Tool Transfer

The sample is an OLE document that contains a heuristic firing for CVE_2026_21514, indicating a potential exploit within the OLE object. The presence of WinExec and VirtualAlloc API references further suggests malicious code execution capabilities. The document body is a commercial invoice, likely a lure to entice the user to open and interact with the malicious OLE object.

Heuristics 3

  • OLE with Ole10Native — possible CVE-2026-21514 exploitation high CVE likely CVE_2026_21514
    Document contains a Word OLE object with Ole10Native plus executable, PE, or risky remote-link indicators. CVE-2026-21514 exploits OLE metadata validation; this stronger structure is treated as likely exploitation.
  • Reference to WinExec API high SC_STR_WINEXEC
    Reference to WinExec API
  • Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOC
    Reference to VirtualAlloc API

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ole10native_00.bin
cb53757a5a52bb8171a35fb1a0f767e0f0db64f2b1228dee206e67b278828045		 ole-package OLE Ole10Native stream: ObjectPool/_986112420/Ole10Native 41580 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.