MALICIOUS
100
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File: User Execution: Malicious File
T1566.001 Phishing: Spearphishing Attachment
The file is a Microsoft Word document that triggers a critical heuristic for CVE-2006-6456, indicating exploitation of a malformed table SPRM vulnerability. The large slack space anomaly further suggests potential malicious content or obfuscation. The document body is heavily corrupted, preventing analysis of its specific lure, but the vulnerability itself points to an attack pattern involving user execution of a malicious attachment.
Heuristics 2
-
CVE-2006-6456 — Microsoft Word malformed table SPRM critical CVE exact CVE_2006_6456WordDocument contains a malformed table border-color SPRM in the CVE-2006-6456 shape: a valid table-SPRM cluster is followed by an invalid high-byte 0xFF SPRM where Word expects a normal sprmTBrc*Cv record. Vulnerable Word 2000/2002/2003 parsers corrupt memory while handling this malformed data structure.
-
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALYOLE file is 167,412 bytes but its declared streams total only 94,801 bytes — 72,611 bytes (43%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
Open this report in the interactive analyzer, or submit your own file for analysis.