Verdict: MALICIOUS
Risk Score: 60
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PowerPoint document identified as malicious. Static analysis detected an appended executable payload, indicating the document is likely a container for delivering malware. The presence of a NOP-equivalent sled further suggests shellcode or an exploit. The document body contains technical content unrelated to the malicious payload, suggesting it's a lure.
Heuristics (2)
- OLE file has appended executable-looking payload bytes (severity: high, rule: OLE_APPENDED_PAYLOAD). OLE compound file contains a large high-entropy region beyond the declared major streams and that region includes shellcode, PE, or loader API markers. This is a payload-carrier signal, not a specific CVE attribution by itself.
- NOP-equivalent sled detected (severity: medium, rule: SC_NOP_EQUIV_SLED). Long run of 0x41 bytes.
Disassembly
Attempted x86 opcode disassembly:
0017C8CA  41              inc ecx
0017C8CB  41              inc ecx
0017C8CC  41              inc ecx
0017C8CD  41              inc ecx
0017C8CE  41              inc ecx
0017C8CF  41              inc ecx
0017C8D0  41              inc ecx
0017C8D1  41              inc ecx
0017C8D2  41              inc ecx
0017C8D3  41              inc ecx
0017C8D4  41              inc ecx
0017C8D5  41              inc ecx
0017C8D6  41              inc ecx
0017C8D7  41              inc ecx
0017C8D8  41              inc ecx
0017C8D9  41              inc ecx
0017C8DA  41              inc ecx
0017C8DB  41              inc ecx
0017C8DC  41              inc ecx
0017C8DD  41              inc ecx
0017C8DE  41              inc ecx
0017C8DF  41              inc ecx
0017C8E0  41              inc ecx
0017C8E1  41              inc ecx
0017C8E2  41              inc ecx
0017C8E3  41              inc ecx
0017C8E4  41              inc ecx
0017C8E5  41              inc ecx
0017C8E6  41              inc ecx
0017C8E7  41              inc ecx
0017C8E8  41              inc ecx
0017C8E9  41              inc ecx
0017C8EA  41              inc ecx
0017C8EB  41              inc ecx
0017C8EC  41              inc ecx
0017C8ED  41              inc ecx
0017C8EE  41              inc ecx
0017C8EF  ffc2            inc edx
0017C8F1  0011            add byte ptr [ecx], dl
0017C8F3  0801            or byte ptr [ecx], al
0017C8F5  a6              cmpsb byte ptr [esi], byte ptr es:[edi]
0017C8F6  01a903012200    add dword ptr [ecx + 0x220103], ebp
0017C8FC  0211            add dl, byte ptr [ecx]
0017C8FE  0103            add dword ptr [ebx], eax
0017C900  1101            adc dword ptr [ecx], eax
0017C902  ffc4            inc esp
0017C904  00cf            add bh, cl
0017C906  0000            add byte ptr [eax], al
0017C908  0203            add al, byte ptr [ebx]
0017C90A  0101            add dword ptr [ecx], eax
0017C90C  0100            add dword ptr [eax], eax
0017C90E  0000            add byte ptr [eax], al
0017C910  0000            add byte ptr [eax], al
0017C912  0000            add byte ptr [eax], al
0017C914  0000            add byte ptr [eax], al
0017C916  0000            add byte ptr [eax], al
0017C918  0102            add dword ptr [edx], eax
0017C91A  03040506070100  add eax, dword ptr [eax + 0x10706]
0017C921  0301            add eax, dword ptr [ecx]
0017C923  0101            add dword ptr [ecx], eax
0017C925  0000            add byte ptr [eax], al
0017C927  0000            add byte ptr [eax], al
0017C929  00              .byte 0x00