Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 c67a492463bee633…

MALICIOUS

Office (OLE) / .DOC

Size: 2.14 MB (2,247,657 bytes)
Created: 2009-03-31 05:41:00
Authoring application: Microsoft Word 10.0
MD5: 7ff15b82c2e102f3d32336931f4738eb
SHA-1: 4e2adeb2896f8b90748854c394d38f8928a3a3b2
SHA-256: c67a492463bee6335fc6c4779557dabcdd7b38c5591adb0a3f714a85c412c981
Risk score: 80

Malware Insights

The file is a Microsoft Word document (OLE compound file) in which almost all of the bytes lie outside any stream that the FAT and directory account for. This slack space is a common place to hide a payload, because Word never reads it and most parsers ignore it. The 'x86 GetPC stub' heuristic (CALL $+5; POP EAX) indicates position-independent shellcode: the stub is how shellcode learns its own address at runtime before decoding itself or resolving APIs, and the sequence has no purpose in legitimate document data. No document body text or scripts (macros) were extracted, so the exact attack pattern and malware family cannot be determined from static analysis alone. The large unaccounted-for region is the primary indicator of malicious intent; the GetPC stub corroborates it.
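The GetPC heuristic reduces to a byte-pattern search, and because payloads of this kind are typically XOR-encoded (see the slack heuristic below), the search has to be repeated per candidate key. The scanner below is an added example, not code from the report's analysis engine: it looks for CALL $+5 (E8 00 00 00 00) followed by any POP r32 (58..5F, generalizing the report's POP EAX) under every single-byte XOR key, and returns offsets in the original buffer. The test buffer is constructed here and contains no bytes from the analysed document; multi-byte or rolling XOR keys are out of scope.

```python
import re

# Encoded form of the stub named by the heuristic: CALL rel32 with a zero displacement
# (E8 00 00 00 00) pushes the address of the next instruction, and the following POP
# retrieves it. The report names POP EAX (58); this scanner accepts any POP r32 (58..5F).
GETPC_RE = re.compile(rb"\xE8\x00\x00\x00\x00[\x58-\x5F]")
POP_REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def xor_table(key):
    """Translation table that XORs every byte with a single-byte key (bytes.translate runs in C)."""
    return bytes(b ^ key for b in range(256))


def scan_getpc(data, keys=range(256)):
    """Return [(offset, xor_key, register), ...] for every CALL $+5; POP r32 found in `data`,
    trying each single-byte XOR key (key 0 is the plaintext pass). Offsets refer to the
    original buffer. Assumption: single-byte XOR only; rolling keys are not covered."""
    hits = []
    for key in keys:
        buf = data if key == 0 else data.translate(xor_table(key))
        for m in GETPC_RE.finditer(buf):
            hits.append((m.start(), key, POP_REGS[buf[m.start() + 5] - 0x58]))
    return hits


def make_sample():
    """Constructed test buffer (not bytes from the analysed document): a plaintext stub
    using POP EAX at offset 64, and a POP EBX stub XOR-encoded with key 0x41 at offset 112."""
    plain = b"\x00" * 64 + b"\xE8\x00\x00\x00\x00\x58" + b"\x90" * 10
    encoded = bytes(b ^ 0x41 for b in b"\xE8\x00\x00\x00\x00\x5B\x31\xC0")
    return plain + b"\x00" * 32 + encoded


if __name__ == "__main__":
    for off, key, reg in scan_getpc(make_sample()):
        print("GetPC stub at 0x%x (xor key 0x%02x): call $+5; pop %s" % (off, key, reg))
```

Run against the raw file (or, more usefully, against just the slack region) the key that yields a hit is also the key to try when decoding the surrounding bytes. A single hit in an OLE file is not proof by itself, but combined with the slack anomaly it is a strong triage signal.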

Heuristics (2)

  • x86 GetPC stub (CALL $+5; POP EAX) high SC_GETPC_CALL
    The byte sequence E8 00 00 00 00 58: CALL $+5 pushes the address of the following instruction and POP EAX retrieves it, giving position-independent shellcode its own location at runtime. The sequence serves no purpose in legitimate document content.
  • OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY
    The OLE file is 2,247,657 bytes, but its declared streams total only 16,536 bytes; the remaining 2,231,121 bytes (99%) lie in unallocated sector slack that neither the FAT nor the directory accounts for. This is the classic hiding place for the payload of exploit-based (as opposed to macro-based) Office attack documents: XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure.
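The slack heuristic is a bookkeeping check on the compound-file container: count the sectors the FAT marks as allocated, sum the sizes the directory declares for its streams, and compare both with the file size. The code below is an added example, not the report's own implementation. It parses the v3 header, follows the header DIFAT to the FAT sectors, walks the directory chain, and reports the gap; DIFAT sectors (only needed when the FAT exceeds 109 sectors) are not followed, and the 50% flag threshold is an assumed triage value. The builder constructs a minimal compound file with an appended unaccounted-for region so the check runs offline; it is not derived from the analysed sample.

```python
import struct

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
FREESECT, ENDOFCHAIN, FATSECT, NOSTREAM = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF
HEADER = 512        # the compound-file header always occupies the first 512 bytes
TYPE_STREAM = 2     # directory entry object type for a stream


def ole_slack(data, flag_pct=50.0):
    """Measure how much of an OLE file lies outside FAT-allocated sectors.
    Counts allocated sectors from the FAT (located via the header DIFAT) and sums the
    sizes declared by stream directory entries. Assumptions: header DIFAT only (no DIFAT
    sectors), v3 32-bit stream sizes, and flag_pct as the triage threshold."""
    if data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE compound file")
    sector_size = 1 << struct.unpack_from("<H", data, 30)[0]
    num_fat, first_dir = struct.unpack_from("<II", data, 44)
    n_sectors = -(-(len(data) - HEADER) // sector_size)  # sectors after the header; last may be partial

    def sector(n):
        return data[HEADER + n * sector_size:HEADER + (n + 1) * sector_size]

    fat = []
    for i in range(min(num_fat, 109)):
        chunk = sector(struct.unpack_from("<I", data, 76 + 4 * i)[0])
        fat.extend(struct.unpack("<%dI" % (len(chunk) // 4), chunk))
    allocated = sum(1 for e in fat[:n_sectors] if e != FREESECT)

    stream_total, n, seen = 0, first_dir, set()
    while n < n_sectors and n not in seen:             # ENDOFCHAIN/FREESECT fail the bound check
        seen.add(n)
        chunk = sector(n)
        for off in range(0, len(chunk) - 127, 128):     # 128-byte directory entries
            if chunk[off + 66] == TYPE_STREAM:
                stream_total += struct.unpack_from("<I", chunk, off + 120)[0]  # low 32 bits of size
        n = fat[n] if n < len(fat) else ENDOFCHAIN

    unallocated = len(data) - HEADER - allocated * sector_size
    pct = 100.0 * unallocated / len(data)
    return {"file_size": len(data), "stream_total": stream_total,
            "allocated_sectors": allocated, "unallocated_bytes": unallocated,
            "unallocated_pct": round(pct, 1), "anomalous": pct >= flag_pct}


def build_ole_with_slack(slack):
    """Constructed minimal v3 compound file (not the analysed sample): header, one FAT
    sector, one directory sector and one data sector holding a 100-byte 'WordDocument'
    stream, followed by `slack` bytes that no FAT entry or directory entry accounts for."""
    ss = 512
    hdr = bytearray(ss)
    hdr[0:8] = OLE_MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)        # minor, major, byte order, sector shift, mini shift
    struct.pack_into("<IIIII", hdr, 40, 0, 1, 1, 0, 4096)             # dir sectors (v3: 0), FAT sectors, first dir, txn, mini cutoff
    struct.pack_into("<IIII", hdr, 60, ENDOFCHAIN, 0, ENDOFCHAIN, 0)  # no mini FAT, no DIFAT sectors
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))        # header DIFAT: the FAT lives in sector 0
    fat = bytearray(ss)
    struct.pack_into("<128I", fat, 0, FATSECT, ENDOFCHAIN, ENDOFCHAIN, *([FREESECT] * 125))  # sectors 0 FAT, 1 dir, 2 stream
    dirs = bytearray(ss)

    def entry(idx, name, etype, child, start, size):
        off = idx * 128
        raw = name.encode("utf-16-le") + b"\x00\x00"
        dirs[off:off + len(raw)] = raw
        struct.pack_into("<HBBIII", dirs, off + 64, len(raw), etype, 1, NOSTREAM, NOSTREAM, child)
        struct.pack_into("<IQ", dirs, off + 116, start, size)

    entry(0, "Root Entry", 5, 1, ENDOFCHAIN, 0)
    entry(1, "WordDocument", TYPE_STREAM, NOSTREAM, 2, 100)
    body = bytearray(ss)
    body[:100] = b"A" * 100                                              # constructed stream content
    return bytes(hdr + fat + dirs + body + slack)


if __name__ == "__main__":
    print(ole_slack(build_ole_with_slack(b"\x00" * 4096)))
```

Two numbers come out of this. The FAT-based unallocated byte count is the precise figure: bytes no sector chain reaches. The declared stream total is what the report quotes, and comparing it with the file size gives the same picture for a large file (the header, FAT and directory overhead is negligible against 2 MB). Feeding the unallocated region to a shellcode scanner is the natural next step.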