Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 d35fe68610391ad7…

MALICIOUS

Office (OLE) / .PPT

Size: 1.26 MB
Created: 2005-11-24 17:04:41
Authoring application: Microsoft Office PowerPoint
MD5: beb1ed91e91ab9b6078802f5e0f2a189
SHA-1: 8f1ba245a41c236200903e8d4679903c0350cdd7
SHA-256: d35fe68610391ad7779df2764d05a6ca3c87285ce4ecc1f3d9c0958c5cce7473
Risk Score: 80

Malware Insights

The PowerPoint file contains references to the LoadLibrary and GetProcAddress APIs, indicating an attempt to dynamically load and execute code. Although no document body content or scripts were extracted, these API references strongly suggest malicious functionality within the presentation, likely to download or execute a secondary payload. The metadata indicates an older PowerPoint file, but the heuristic hits are still relevant.

Heuristics (2)

  • [high] SC_STR_LOADLIBRARY: Reference to LoadLibrary API
  • [high] SC_STR_GETPROCADDRESS: Reference to GetProcAddress API