Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 d5ae3a474a192dce…

MALICIOUS

Office (OLE) / .DOC

Size: 87.9 KB
Created: 2009-05-15 02:00:00
Authoring application: Microsoft Word 9.1
MD5: 98424e66a98813139ee2fd875db286bf
SHA-1: 1ca5e96416bf2ebacc558bd752498515bead312a
SHA-256: d5ae3a474a192dce54dca7fe2a3ceabc82d9026d0bd145023ab3bc5586866662
Risk Score: 80

Heuristics (2)

  • x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALL
    Position-independent shellcode idiom: CALL $+5 pushes the address of the next instruction, which POP EDI then loads into a register as the code's own runtime address.
  • OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY
    OLE file is 89,983 bytes but its declared streams total only 8,934 bytes — 81,049 bytes (90%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).