Office (OLE) / .DOC malware analysis — malicious · afbf6f475c857f4a

MALICIOUS

Office (OLE) / .DOC

37.0 KB Created: 1999-02-04 05:23:00 Authoring application: Microsoft Word for Windows 95 First seen: 2026-05-10

MD5: 76395819544049f331d46ac160be97af SHA-1: 8ca8bcccd0580135ff6155859942876bc96c0a53 SHA-256: afbf6f475c857f4a020dc97954c4991de954081bc79de257ebd4e390c3862f12

80 Risk Score

Heuristics 2

Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS

OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 37,888 bytes but its declared streams total only 21,503 bytes — 16,385 bytes (43%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.