Office (OLE) malware analysis — malicious · d196923a43e0c29e

MALICIOUS

Office (OLE)

43.5 KB Created: 1995-12-07 08:04:00 Authoring application: Microsoft Word for Windows 95

MD5: b74619bdc68eab8288791de9b71af5c0 SHA-1: e18fea6e180a8e29b6921df4461cde40b826c4ef SHA-256: d196923a43e0c29ee197974415014456b19399ca8c1c82f042d8104739c2a8b8

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059 Command and Scripting Interpreter

The file is an OLE document with a significant amount of slack space, which is a common characteristic of macro-laden documents. ClamAV detected it as Win.Trojan.Macro-11. The document body contains what appear to be internal references or filenames, suggesting it may be a template or part of a larger exploit chain, but no direct malicious payload or script was extracted for further analysis.

Heuristics 2

ClamAV: Win.Trojan.Macro-11 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Macro-11
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 44,544 bytes but its declared streams total only 22,801 bytes — 21,743 bytes (49%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.