Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 a112274e109c5819…

MALICIOUS

Office (OOXML)

Size: 32.2 KB
Created: 2014-09-09 05:02:56 UTC
Authoring application: Microsoft Office PowerPoint 12.0000
First seen: 2017-08-27
MD5: e8ad2a5650ba9b89c44389f78da205c8
SHA-1: 2fb1be057e15809a2995aebb2e1d52807e38fa83
SHA-256: a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218a35
Risk Score: 102

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious due to a critical ClamAV detection for Ppt.Exploit.CVE_2017_0199-6336815-3. It contains an external relationship pointing to a URL, indicating it attempts to download a secondary payload. The presence of 'CVE-2017-8570 style.visibility' in the document body further suggests exploitation of a known vulnerability.

Heuristics (3)

  • ClamAV: Ppt.Exploit.CVE_2017_0199-6336815-3 (severity: critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Ppt.Exploit.CVE_2017_0199-6336815-3
  • External relationship (severity: high, OOXML_EXTERNAL_REL)
    External target in ppt/slides/_rels/slide1.xml.rels: script:http://192.166.218.230:3550/logo.doc
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://192.166.218.230:3550/logo.doc (channel: OOXML external relationship)