Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 b103aa54745ca43c…

MALICIOUS

Office (OLE) / .EXE

Size: 36.0 KB
Created: 1996-08-30 18:22:00
Authoring application: Microsoft Word for Windows 95
MD5: e66bd850fcab850e2a0702f423d67f1c
SHA-1: 2795d0ce263500ef78a7e7d7b7df2317913a4e7b
SHA-256: b103aa54745ca43cf56467ee549a3762faf0ff8f58a5d8700456b756ce816557
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is an executable disguised as a Word 95 document, indicated by its metadata and the OLE slack anomaly. ClamAV detection as 'Doc.Trojan.Wazzu-6' strongly suggests malicious intent. The document body contains seemingly legitimate corporate planning text, likely a lure to trick users into executing the embedded payload.

Heuristics (2)

  • ClamAV: Doc.Trojan.Wazzu-6 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Wazzu-6
  • OLE document has large unaccounted-for region (severity: high, rule: OLE_SLACK_ANOMALY)
    OLE file is 36,864 bytes but its declared streams total only 16,866 bytes — 19,998 bytes (54%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).