Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 dafdd71e4761460f…

MALICIOUS

Office (OLE)

21.0 KB Created: 2001-07-21 06:43:00 Authoring application: Microsoft Word 9.0 First seen: 2012-06-14
MD5: 0989fdfe84d43ac4c431e45a2b9a8afd SHA-1: e9402cdd3a9a85ffae1a7d64867a484cd0c379ac SHA-256: dafdd71e4761460fc779dc0b0fc816392ca4cf7569abfd10a57c37f2eaa7fac3
100 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an OLE file containing an Ole10Native object, which is a strong indicator of potential exploitation for CVE-2026-21514. This object is designed to drop an executable payload, as indicated by the 'exe' extension in the heuristic firing. The document body text is minimal and does not provide further context on the lure.

Heuristics 2

  • OLE with Ole10Native — possible CVE-2026-21514 exploitation high CVE likely CVE_2026_21514
    Document contains a Word OLE object with Ole10Native plus executable, PE, or risky remote-link indicators. CVE-2026-21514 exploits OLE metadata validation; this stronger structure is treated as likely exploitation.
  • Ole10Native package drops an auto-executable payload critical OFFICE_PACKAGE_RISKY_FILE
    OLE Package displayName or fullPath ends in a directly auto-executable extension (a runnable binary or a script the default shell host runs on double-click). Embedding such a payload inside an Office document has no benign authoring use — it is a malware-delivery dropper.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ole10native_00.bin ole-package OLE Ole10Native stream: ObjectPool/_1057210187/Ole10Native 6188 bytes
SHA-256: 15b1f2717745b765886e18bce86f54c1d9550aef1139ec3199e6632932cf1515

Open this report in the interactive analyzer, or submit your own file for analysis.