Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 d94efff5d49736cd…

MALICIOUS

Office (OLE) / .DOC

Size: 303.5 KB
Created: 2010-05-27 03:19:00
Authoring application: Microsoft Office Word
MD5: 299887a226e7dcbdd29842386b450a78
SHA-1: 35d198fb0080cd4efaf791ba1288ccd9955975e3
SHA-256: d94efff5d49736cd1827aa31fd41bbf498ed485b28131709e1126738915703e5
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1559.001 Component Object Model Hijacking

The sample is a Microsoft Office document containing an embedded PE executable. The presence of the ShellExecute API reference and the embedded executable strongly suggests that the document is designed to drop and execute a malicious payload. The document body discusses technical specifications of electrical steel, which is likely a lure to disguise the malicious nature of the file.

Heuristics (2)

  • Embedded PE executable [critical] OLE_EMBEDDED_EXE
    MZ/PE header found inside document — possible embedded executable
  • Reference to ShellExecute API [high] SC_STR_SHELLEXEC
    Reference to ShellExecute API

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_office_0003d0ad.exe
SHA-256:  dc1867aca71f8f5d1bc8126da262cb248e990a8026b6bd63c7821107208c38d0
Kind:     embedded-pe
Source:   Office MZ+PE at offset 0x3D0AD
Size:     60755 bytes