Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 d9fa50a5061be5e0…

MALICIOUS

Office (OLE) / .XLS

Size: 74.8 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: d1dda975eadaa312ad02991a069cb4e0
SHA-1: 917c63bbdc85093fc02a75601120c07bc091160c
SHA-256: d9fa50a5061be5e09283c03a2eb0b1ca438d04eaec576ad7200e4fffe551c7a5
Risk Score: 60

Malware Insights

The sample is an OLE document with a significant amount of slack space, which is indicative of potential obfuscation or embedded malicious content. The document body presents itself as an application form for various permits, a common social engineering lure. The presence of a VirtualAlloc API reference suggests memory allocation in preparation for malicious code execution. No scripts were extracted and no URLs were found, which limits further analysis of the payload delivery mechanism.

Heuristics (2)

  • OLE document has large unaccounted-for region (severity: high, rule: OLE_SLACK_ANOMALY)
    OLE file is 76,631 bytes but its declared streams total only 21,308 bytes — 55,323 bytes (72%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
  • Reference to VirtualAlloc API (severity: medium, rule: SC_STR_VIRTUALALLOC)
    The sample contains a string reference to the VirtualAlloc API.