Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 cc4e08463299db0b…

MALICIOUS

Office (OLE)

Size: 580.5 KB
Created: 1601-01-01 00:00:00
Authoring application: Microsoft PowerPoint
First seen: 2012-10-03
MD5: 860243f17377ace3b341c461b3583506
SHA-1: 55c53f6433ebe310bde8c3b0e517ac0789b0d309
SHA-256: cc4e08463299db0bfa56a0a2cfb1b559f639192b5715d57df90c6444277fb584
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The file was detected by ClamAV as Win.Exploit.13525-1, indicating it contains an exploit. It also contains an embedded URL pointing to a suspicious executable, suggesting it is designed to download and execute a secondary payload. The document is a PowerPoint file, commonly used for spearphishing attachments.

Heuristics (2)

  • ClamAV: Win.Exploit.13525-1 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Exploit.13525-1
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://crowcatcher.net/devilsvn/downp12.exe [In document text (OLE body)]
    • http://schemas.openxmlformats.org/drawingml/2006/main [In document text (OLE body)]