Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 de37ef76cc51355a…

MALICIOUS

Office (OLE) / .DOC

File size: 132.5 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: 6e4b5cc9a357753c3c8ec2711d3b1ec0
SHA-1: c1b771643e25ff14da3cd6d223e4a365fe3c1c66
SHA-256: de37ef76cc51355ace8270b7e884605d363b4a2a30b184c770ae142573a4d79b
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The sample contains references to the VirtualProtect, LoadLibrary, and GetProcAddress APIs, indicating an attempt to dynamically load and execute code. The presence of these high-severity heuristics suggests the document is designed to bypass security controls and run malicious code. The document body is heavily obfuscated and does not provide clear user-facing content, further supporting malicious intent.

Heuristics (3)

  • Reference to LoadLibrary API (severity: high, rule: SC_STR_LOADLIBRARY)
  • Reference to GetProcAddress API (severity: high, rule: SC_STR_GETPROCADDRESS)
  • Reference to VirtualProtect API (severity: medium, rule: SC_STR_VIRTUALPROTECT)