Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a7659ff9ba224da3…

MALICIOUS

Office (OLE)

Size: 588.5 KB
Created: 2015-08-06 15:38:00
Authoring application: Microsoft Office Word
First seen: 2018-01-23
MD5: c717b22426db9170c2c7ca37df69e9ce
SHA-1: 4ca5a91e206784786a4fdda52e4851ad20c7cca1
SHA-256: a7659ff9ba224da37387bcef2618ddf43bc41b32a1991fb1af8fced568c344f8
Risk Score: 282

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution
  • T1059.005 Visual Basic

The sample is a malicious Word document that carries an embedded executable inside an Ole10Native package and is flagged as likely exploiting an OLE metadata-validation flaw (CVE-2026-21514) to drop it. The document body presents a programming exercise, a lure intended to get the recipient to open the file and interact with the embedded object. String references to VirtualAlloc, LoadLibrary and GetProcAddress are consistent with the embedded executable being mapped into memory and having its imports resolved at runtime; they are static string hits rather than observed behaviour, and should be confirmed by detonating the carved executable listed under Extracted artifacts.

Heuristics (8)

  • OLE with Ole10Native — possible CVE-2026-21514 exploitation [high] CVE likely: CVE_2026_21514
    The document contains a Word OLE object with an Ole10Native stream plus an executable, PE, or risky remote-link indicator. CVE-2026-21514 concerns OLE metadata validation; an Ole10Native package combined with an embedded executable is a stronger structure than either indicator alone and is treated as likely exploitation.
  • Embedded PE executable [critical] OLE_EMBEDDED_EXE
    An MZ/PE header was found inside the document, indicating an embedded executable.
  • Ole10Native package drops an auto-executable payload [critical] OFFICE_PACKAGE_RISKY_FILE
    The OLE Package displayName or fullPath ends in a directly auto-executable extension (a runnable binary, or a script that the default shell host runs on double-click). Embedding such a payload inside an Office document has no benign authoring use; it is a malware-delivery dropper.
  • Reference to LoadLibrary API [high] SC_STR_LOADLIBRARY
    String reference to LoadLibrary found in the sample. Together with GetProcAddress this is the runtime import-resolution pair used by shellcode and reflective loaders; in an embedded PE it may simply be an import-table entry, so check where in the file the string lives.
  • Reference to GetProcAddress API [high] SC_STR_GETPROCADDRESS
    String reference to GetProcAddress found in the sample (see LoadLibrary above).
  • Reference to VirtualAlloc API [medium] SC_STR_VIRTUALALLOC
    String reference to VirtualAlloc found in the sample; consistent with allocating an executable region for a decoded payload, but also a common import in benign binaries.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    The sample contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022. Since this sample was authored in Word, the sub-stream most likely belongs to an embedded Excel object; enumerate the OLE storages to locate it before attributing any auto-open behaviour to it.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All of the URLs below were found in document text (OLE body). Every entry except the first is an XML namespace or schema URI (schemas.microsoft.com, schemas.openxmlformats.org, w3.org, purl.org, dublincore.org) that Office and SharePoint write into document metadata and that Office does not fetch; only the pressebox.de image link is an external resource worth a reputation check.
    • http://www.pressebox.de/attachment/102607/Jongloro1_color_DIN_A3_Shirt_72dpi_30cm.jpg  In document text (OLE body)
    • http://schemas.microsoft.com/sharepoint/v3/contenttype/forms  In document text (OLE body)
    • http://schemas.openxmlformats.org/officeDocument/2006/customXml  In document text (OLE body)
    • http://schemas.microsoft.com/office/2006/metadata/contentType  In document text (OLE body)
    • http://schemas.microsoft.com/office/2006/metadata/properties/metaAttributes  In document text (OLE body)
    • http://schemas.microsoft.com/office/2006/metadata/properties  In document text (OLE body)
    • http://www.w3.org/2001/XMLSchema  In document text (OLE body)
    • http://schemas.openxmlformats.org/package/2006/metadata/core-properties  In document text (OLE body)
    • http://www.w3.org/2001/XMLSchema-instance  In document text (OLE body)
    • http://purl.org/dc/elements/1.1/  In document text (OLE body)
    • http://purl.org/dc/terms/  In document text (OLE body)
    • http://schemas.microsoft.com/internal/obd  In document text (OLE body)
    • http://dublincore.org/schemas/xmls/qdc/2003/04/02/dc.xsd  In document text (OLE body)
    • http://dublincore.org/schemas/xmls/qdc/2003/04/02/dcterms.xsd  In document text (OLE body)
    • http://schemas.microsoft.com/office/infopath/2007/PartnerControls  In document text (OLE body)
    • http://schemas.openxmlformats.org/drawingml/2006/main  In document text (OLE body)
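The two structural heuristics above, OLE_EMBEDDED_EXE and OFFICE_PACKAGE_RISKY_FILE, are cheap to reproduce by hand when triaging a document like this one. The Python below is an added example, not code from this report or from its analysis engine. It parses the Packager record layout of an Ole10Native stream (assumed here to be the layout oletools' OleNativeStream reads: size, type, label, source path, flags, temp-path length, temp path, payload size, payload), checks the label and path against an assumed list of auto-executable extensions, and carves MZ/PE headers by validating e_lfanew rather than trusting a bare "MZ". The stream, the stub PE and the surrounding document bytes are constructed inside the block, so it runs offline; scan_ole_file() shows how the same checks apply to a real file through olefile and is the only part that needs a third-party package.

```python
import struct

# Extensions Windows runs directly on double-click: native binaries plus the
# script types handled by wscript/cscript, cmd.exe, mshta and PowerShell.
# Assumed list; it mirrors what the OFFICE_PACKAGE_RISKY_FILE heuristic describes.
AUTO_EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                  ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1"}


def _cstring(buf: bytes, pos: int):
    """Read a NUL-terminated ANSI string starting at pos; return (text, next_pos)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end].decode("latin-1"), end + 1


def parse_ole10native(stream: bytes) -> dict:
    """Parse the Packager layout found in \\x01Ole10Native streams.

    Layout (assumed, as oletools reads it): u32 total size, u16 type (2),
    ASCIIZ label (displayName), ASCIIZ source path (fullPath), u32 flags,
    u32 temp-path length, ASCIIZ temp path, u32 payload size, payload bytes.
    """
    total_size, kind = struct.unpack_from("<IH", stream, 0)
    pos = 6
    label, pos = _cstring(stream, pos)
    src_path, pos = _cstring(stream, pos)
    flags, _temp_len = struct.unpack_from("<II", stream, pos)
    pos += 8
    temp_path, pos = _cstring(stream, pos)
    (data_size,) = struct.unpack_from("<I", stream, pos)
    pos += 4
    payload = stream[pos:pos + data_size]
    # A lying size field is common in malformed samples: keep what is there, flag it.
    return {"type": kind, "label": label, "src_path": src_path, "temp_path": temp_path,
            "data": payload, "truncated": len(payload) != data_size}


def is_auto_executable(name: str) -> bool:
    """True if the name would launch on double-click. Windows strips trailing dots
    and spaces and only the last extension counts, so 'notes.pdf.exe ' is risky."""
    name = name.lower().rstrip(" .")
    return any(name.endswith(ext) for ext in AUTO_EXEC_EXTS)


def find_pe_headers(blob: bytes) -> list:
    """Return offsets of every 'MZ' whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    hits, pos = [], blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            pe = pos + e_lfanew
            if e_lfanew and blob[pe:pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def triage_ole10native(stream: bytes):
    """Apply both structural checks to one stream; returns (package, heuristic ids)."""
    pkg = parse_ole10native(stream)
    ids = []
    if is_auto_executable(pkg["label"]) or is_auto_executable(pkg["src_path"]):
        ids.append("OFFICE_PACKAGE_RISKY_FILE")
    if find_pe_headers(pkg["data"]):
        ids.append("OLE_EMBEDDED_EXE")
    return pkg, ids


def scan_ole_file(path: str):
    """Run the triage over every Ole10Native stream of a real OLE file (needs olefile)."""
    import olefile  # third-party; not needed for the constructed demo below
    ole = olefile.OleFileIO(path)
    try:
        return [("/".join(entry), triage_ole10native(ole.openstream(entry).read()))
                for entry in ole.listdir(streams=True, storages=False)
                if entry[-1] == "\x01Ole10Native"]
    finally:
        ole.close()


# --- constructed sample (not bytes from the analysed document) ----------------
def _fake_pe(size: int = 512) -> bytes:
    """Minimal MZ+PE stub: DOS header with e_lfanew=0x40, then a PE signature."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr += b"PE\x00\x00" + struct.pack("<HH", 0x14C, 1)  # machine=i386, 1 section
    return bytes(hdr) + b"\x00" * (size - len(hdr))


def build_ole10native(label: str, src_path: str, payload: bytes) -> bytes:
    """Serialise a Packager record in the layout parse_ole10native() expects."""
    temp = "C:\\Users\\victim\\AppData\\Local\\Temp\\" + label
    body = struct.pack("<H", 2) + label.encode() + b"\x00" + src_path.encode() + b"\x00"
    body += struct.pack("<II", 0x00030000, len(temp) + 1) + temp.encode() + b"\x00"
    body += struct.pack("<I", len(payload)) + payload
    return struct.pack("<I", len(body)) + body


SAMPLE_PE = _fake_pe()
SAMPLE_STREAM = build_ole10native("exercise.exe", "C:\\work\\exercise.exe", SAMPLE_PE)
# Stand-in for the whole document: filler, some body text, then the stream.
SAMPLE_DOCUMENT = b"\x00" * 0x100 + b"Programming exercise 3: write a parser" + SAMPLE_STREAM

if __name__ == "__main__":
    pkg, ids = triage_ole10native(SAMPLE_STREAM)
    print(pkg["label"], pkg["src_path"], ids)
    print("MZ/PE at offsets:", [hex(o) for o in find_pe_headers(SAMPLE_DOCUMENT)])
```

Validating e_lfanew matters because the two bytes "MZ" occur by chance in compressed or random data; a carver that stops at the bare signature reports false positives, while one that also checks the PE signature reports the same kind of offset the Extracted artifacts table gives (0x27875 for this sample). The rstrip in is_auto_executable covers the trailing-dot and trailing-space tricks that otherwise slip past a naive endswith().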

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind         Source                                                      Size
embedded_office_00027875.exe  embedded-pe  Office MZ+PE at offset 0x27875                              440715 bytes
  SHA-256: d1d91e743ee4ee37934cb91f8007fae7f2f7092cb039ceb01f70db4ad09cfd08
ole10native_00.bin            ole-package  OLE Ole10Native stream: ObjectPool/_1257599987/Ole10Native  366711 bytes
  SHA-256: 129fd8e6f8dbe9d389cb82cbcb1a1f23ae52d8cb1ce813bd7ab23bf8befd2644