Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b1993f230716bb7d…

MALICIOUS

Office (OLE)

1.55 MB Created: 2003-03-26 12:01:35 Authoring application: Microsoft PowerPoint
MD5: 57b0402fccf7da49af9ec09c98a5af89 SHA-1: c2bae9212723a24820c14f021c2132a94136ef3e SHA-256: b1993f230716bb7def07ae2a8212662c8b92d17f43c5551c0d91d8335cc989fd
62 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1559.001 Component Object Model Hijacking

The sample is a PowerPoint file that contains an embedded PE executable. This executable is likely the primary payload. The document body text is in Japanese and appears to be corporate motivational content, which is likely a lure to disguise the malicious nature of the file. No scripts were extracted from this sample.

Heuristics 3

  • Embedded PE executable critical OLE_EMBEDDED_EXE
    MZ/PE header found inside document — possible embedded executable
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.iec.ch

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
embedded_office_00003400.exe
394cabbcb64d210d14109fb068373b72f77afd9af2f4da7c09f2b4135c76dfca		 embedded-pe Office MZ+PE at offset 0x3400 1613824 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.

Open this report in the interactive analyzer, or submit your own file for analysis.