Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e63f8bfd9c76a529…

MALICIOUS

Office (OLE)

Size: 302.7 KB (309,944 bytes)
Created: 2011-04-04 06:50:00
Authoring application: Microsoft Office Word
First seen: 2015-10-05
MD5: b79df2c0cf3e3f7689d5a44a4223445c
SHA-1: b1b0f5daefb25989667e9d91560d626bf3d41c4b
SHA-256: e63f8bfd9c76a52960aee0260e6344ba13e37a742b1996eb1813556d1809a886
Risk Score: 140

Heuristics (3)

  • Embedded Adobe Flash (SWF) in OLE document critical OFFICE_EMBEDDED_SWF
    Document contains an embedded Adobe Flash (SWF) object. Vulnerabilities such as CVE-2018-4878 and CVE-2018-15982 involved Flash objects embedded in Office files. Adobe Flash has been end-of-life since December 2020.
  • OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY
    OLE file is 309,944 bytes but its declared streams total only 22,169 bytes — 287,775 bytes (93%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
  • OLE file has appended executable-looking payload bytes high OLE_APPENDED_PAYLOAD
    OLE compound file contains a large high-entropy region beyond the declared major streams and that region includes shellcode, PE, or loader API markers. This is a payload-carrier signal, not a specific CVE attribution by itself.