Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 e78b7fa6b7bce022…

MALICIOUS

Office (OLE) / .DOC

Size: 147.5 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: ef6483074247705d6ee37a52dbc0d700
SHA-1: 551fb94aff0bf75eed415317904db41af9a0a120
SHA-256: e78b7fa6b7bce022bc976fbd44b707f6033b3397dd735d0529519c270f825625
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The sample is a Microsoft Word document that triggers a critical heuristic for CVE-2006-6456, a known vulnerability in Word's handling of malformed table SPRMs that allows arbitrary code execution when the document is opened. A high-severity heuristic also fired on a reference to the CreateProcess API, indicating the potential for process creation, likely as a result of the exploit.

Heuristics (2)

  • CVE-2006-6456 — Microsoft Word malformed table SPRM [critical, CVE, exact, CVE_2006_6456]
    WordDocument contains a malformed table border-color SPRM in the CVE-2006-6456 shape: a valid table-SPRM cluster is followed by an invalid high-byte 0xFF SPRM where Word expects a normal sprmTBrc*Cv record. Vulnerable Word 2000/2002/2003 parsers corrupt memory while handling this malformed data structure.
  • Reference to CreateProcess API [high, SC_STR_CREATEPROCESS]
    Reference to CreateProcess API