Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 ba729dba7c6bb214…

MALICIOUS

Office (OLE) / .DOC

47.8 KB
MD5: b96d174c517900ebadf3eff29155dce1
SHA-1: ddbb56e89ad5b7cceb1c7000ad783ddbb4208f81
SHA-256: ba729dba7c6bb214660f702d211dfb26adc7f564cf61222127ea7866d90ccc1b
Risk Score: 102

Malware Insights

ClamAV detects the file as malicious with the signature Doc.Trojan.WhiteIce-1. Static analysis revealed a critical heap-spray pattern, indicating an attempt to exploit a memory corruption vulnerability. No VBA macros could be extracted because the format is unsupported, but the heap spray suggests that a memory corruption exploit is likely being leveraged.

Heuristics (3)

  • ClamAV: Doc.Trojan.WhiteIce-1 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.WhiteIce-1
  • Heap-spray pattern detected (severity: high, ID: SC_HEAP_SPRAY)
    Repeated 0x41 (A) bytes found
  • Unsupported Office format for VBA extraction (severity: info, ID: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (AttributeError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.