Office (OLE) malware analysis — malicious · cb55fa492e555a53

MALICIOUS

Office (OLE)

61.2 KB Created: 2006-01-25 08:30:00 Authoring application: Microsoft Office Word

MD5: 983fbea0036f22151e1e6039575a8e12 SHA-1: 3a03d4e55d82f758072ec911209cbe395541ac14 SHA-256: cb55fa492e555a53bc900e729087a8234c9f2a3b3090e02641702ef148740fcd

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The sample is an OLE document with a high slack anomaly, indicating potential obfuscation or embedded malicious content. A heuristic firing for CreateProcess API suggests the document attempts to launch an external process. The document body is unreadable, and no scripts were extracted, limiting further analysis. The confidence is moderate due to the lack of specific indicators beyond the CreateProcess heuristic.

Heuristics 2

Reference to CreateProcess API high SC_STR_CREATEPROCESS

Reference to CreateProcess API
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 62,624 bytes but its declared streams total only 21,151 bytes — 41,473 bytes (66%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.