Office (OLE) / .DOC malware analysis — malicious · 9fcd232cf2484d93

MALICIOUS

Office (OLE) / .DOC

57.7 KB Created: 2006-01-25 08:30:00 Authoring application: Microsoft Office Word

MD5: 96fe7f0642e6716cd81351eb2ee575b4 SHA-1: 9bdb1a940f665e95e5287ba8475911313b14a14a SHA-256: 9fcd232cf2484d938ee9307ab9c9946bd93e7dbb8e334f84e909a8e66a75b9f0

80 Risk Score

Malware Insights

The document contains a reference to the CreateProcess API, indicating an attempt to execute a process. The OLE slack anomaly suggests potential obfuscation or embedded malicious content. Without a document body or script content, the exact nature of the payload and delivery mechanism cannot be determined.

Heuristics 2

Reference to CreateProcess API high SC_STR_CREATEPROCESS

Reference to CreateProcess API
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 59,040 bytes but its declared streams total only 21,151 bytes — 37,889 bytes (64%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.