Malicious Office (OLE) / .TMP — malware analysis report

Static analysis result for SHA-256 db31d01f2c4d42c8…

MALICIOUS

Office (OLE) / .TMP

Size: 921.5 KB
Created: 2008-01-27 01:25:33
Authoring application: Microsoft PowerPoint
MD5: b8794fc54a966bcb39a2c874721a4925
SHA-1: 1feb197b1176a1e779e82011b8dea56cb88d140c
SHA-256: db31d01f2c4d42c8f18d18b684ebdf13be9da82472e394d834ddb2981dbe4ada
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Ppt.Exploit.Apptom-10029459-0, indicating it exploits a PowerPoint vulnerability. OleVBA failed to extract macros due to an unsupported format, suggesting potential obfuscation or legacy structure. The document body contains garbled text, further supporting a non-standard or malicious nature.

Heuristics (2)

  • ClamAV: Ppt.Exploit.Apptom-10029459-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Ppt.Exploit.Apptom-10029459-0
  • Unsupported Office format for VBA extraction [info] (OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (error); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.