Office (OLE) / .DOC malware analysis — malicious · 9c98782a81ee188b

MALICIOUS

Office (OLE) / .DOC

123.5 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: 98fcc03ad7453b961c1ed8977920cdf0 SHA-1: 51dc02137469c2b77d77fddf1d9f487dabe54b22 SHA-256: 9c98782a81ee188b81a10e49120f418963df22067bef3400165b04f7126098c0

80 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The sample is a malicious OLE document with a high degree of slack space, indicating potential obfuscation or embedded malicious content. The PEB access heuristic suggests an attempt to interact with the process environment, often seen in exploit attempts. While no specific VBA or script content was provided, the overall structure and heuristics point towards a document designed to exploit a vulnerability and download a secondary payload.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 126,464 bytes but its declared streams total only 16,486 bytes — 109,978 bytes (87%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.