Malicious Office (OLE) / .TMP — malware analysis report

Static analysis result for SHA-256 ca50febaedcee322…

MALICIOUS

Office (OLE) / .TMP

Size: 79.3 KB (81,156 bytes)
Created: 2009-05-15 02:00:00
Authoring application: Microsoft Word 9.0
MD5: e4660d52b4ff4e154b0c6d9eec914b1f
SHA-1: 6f8efcc66e49007183c5f5a6df8574ccfc80d426
SHA-256: ca50febaedcee322334d7b139aefc077abb58d753b81e1a64321ee4eaa8f1921
Risk score: 80

Heuristics (2)

  • NOP sled detected (severity: high, rule SC_NOP_SLED)
    Found a run of 20 or more consecutive 0x90 bytes. On its own a 0x90 run is weak evidence (embedded image or font data can produce one); its weight here comes from the combination with the slack finding.
  • OLE document has large unaccounted-for region (severity: high, rule OLE_SLACK_ANOMALY)
    The OLE file is 81,156 bytes, but its declared streams total only 16,486 bytes, leaving 64,670 bytes (80%) that belong to no stream. (The subtraction also counts the header, FAT and directory sectors, so the unallocated region proper is a few sectors smaller.) Unallocated sector slack is the classic hiding place for Office exploit payloads from before the current macro-dropper era: XOR-encoded shellcode sits outside every stream and is reached once a parser pointer-corruption bug in the document structure diverts execution. Office does not compact deleted or rewritten streams on save, so benign files also carry some orphaned sectors; confirm the finding by carving the free sectors and checking them for the sled, a repeating XOR key, or high entropy.