Office (OLE) malware analysis — malicious · a5616b9ed959bc99

MALICIOUS

Office (OLE)

102.5 KB Created: 2007-09-18 04:34:00 Authoring application: Microsoft Word 11.

MD5: 277255a0ed3df1d42618da00fafbb07e SHA-1: 299874b8d82232c8345ea31e8157970443f71f86 SHA-256: a5616b9ed959bc9982a417e37186af9f7d861fb1cd8ca666fdffa9e8e44f66e0

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file is a malicious OLE document exhibiting a large slack space anomaly, suggesting hidden or packed content. A high-severity heuristic firing for PEB access indicates potential anti-analysis or code injection techniques. While no document body or scripts were directly extracted, the combination of these indicators points to a likely exploit attempt within the Office document to download and execute a secondary payload.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 105,008 bytes but its declared streams total only 16,486 bytes — 88,522 bytes (84%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.