Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c480568982800df9…

Verdict: MALICIOUS

File type: Office (OLE)

File size: 174.0 KB

MD5: b1f2a3f32a69291832682ac18ad8aa7f
SHA-1: 6a1558725ccf0de0a5aef33c8a831fbbb72490b5
SHA-256: c480568982800df91290f665f10abc3f2aec5e9c49f492115358d879b911f741

Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1204 Malicious File
  • T1059 Command and Scripting Interpreter

The OLE document exhibits a large slack space anomaly, indicating potential obfuscation or embedded malicious content. The PEB access heuristic suggests an attempt to interact with the process environment, often used to bypass security controls or prepare for code execution. While no specific exploit is identified, these indicators point towards a malicious document likely designed to exploit a vulnerability and execute a payload.

Heuristics (2)

  • PEB access via FS segment (x86) (severity: high; rule: SC_PEB_ACCESS)
    PEB access via FS segment (x86)
  • OLE document has large unaccounted-for region (severity: high; rule: OLE_SLACK_ANOMALY)
    OLE file is 178,177 bytes but its declared streams total only 94,801 bytes — 83,376 bytes (47%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).