MALICIOUS
80
Risk Score
Malware Insights
MITRE ATT&CK
T1204 Malicious File
T1204.002 Malicious File: User Execution
The sample is an OLE document with a high slack space anomaly, indicating potential obfuscation or embedded malicious content. The presence of an x86 GetPC stub heuristic firing suggests the use of shellcode, commonly employed to exploit vulnerabilities. Given these indicators, the most likely attack pattern is exploitation of a Microsoft Excel vulnerability.
Heuristics 2
-
x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALLx86 GetPC stub (CALL $+5; POP EDI)
-
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALYOLE file is 119,178 bytes but its declared streams total only 24,565 bytes — 94,613 bytes (79%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
Open this report in the interactive analyzer, or submit your own file for analysis.