Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 de4a9c7ee64f0835…

MALICIOUS

Office (OLE) / .PPT

Size: 616.5 KB
Created: 1601-01-01 00:00:00
Authoring application: Microsoft PowerPoint
MD5: 7dd04ac885474cae3945361e0eb33f1d
SHA-1: 0a83cac2e53394762b80dcfba090554fc80062e5
SHA-256: de4a9c7ee64f0835101956b3a21345450d728ed7ecb1c42906d3ef6ffa947c12
Risk Score: 180

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Win.Trojan.Exploit-110. Heuristics indicate the use of VirtualAlloc, LoadLibrary, and GetProcAddress APIs, suggesting dynamic code loading and execution. The presence of a NOP-equivalent sled further supports exploit activity. No document body or script content was available for deeper analysis, limiting the ability to determine the exact payload or delivery mechanism.

Heuristics (6)

  • ClamAV: Win.Trojan.Exploit-110 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Exploit-110
  • Reference to LoadLibrary API high SC_STR_LOADLIBRARY
    Reference to LoadLibrary API
  • Reference to GetProcAddress API high SC_STR_GETPROCADDRESS
    Reference to GetProcAddress API
  • NOP-equivalent sled detected medium SC_NOP_EQUIV_SLED
    Long run of 0x40 bytes
  • Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOC
    Reference to VirtualAlloc API
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.iec.ch