Malicious Office (OLE) / .RL — malware analysis report

Static analysis result for SHA-256 e8023e1362ee9240…

MALICIOUS

Office (OLE) / .RL

Size: 1.00 MB
Created: 2011-05-31 13:26:31
Authoring application: Microsoft Office PowerPoint
First seen: 2026-06-21
MD5: 2be66a8b0c41ae32057ff3d086208594
SHA-1: 13127101a772c376029a3b18bfc7e09417f19930
SHA-256: e8023e1362ee9240658565eabd18405e2694906a521377222984b82fdbb22714
Risk Score: 64

Heuristics (3)

  • CVE-2014-6352 — PowerPoint OLE INF package object | critical | CVE likely | CVE_2014_6352
    Binary PowerPoint stream contains an embedded .inf package/object reference in System-object context plus embedded package local-header data. This matches the crafted PowerPoint OLE-object delivery shape associated with CVE-2014-6352.
  • Unsupported Office format for VBA extraction | info | OFFICE_FORMAT_UNSUPPORTED
    The Analyzer could not extract VBA macros: the document may be legacy, encrypted or malformed.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://schemas.openxmlformats.org/drawingml/2006/main | In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/ | In document text (OLE body)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# | In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/mm/ | In document text (OLE body)
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# | In document text (OLE body)
    • http://purl.org/dc/elements/1.1/ | In document text (OLE body)
    • http://ns.adobe.com/photoshop/1.0/ | In document text (OLE body)
    • http://ns.adobe.com/tiff/1.0/ | In document text (OLE body)
    • http://ns.adobe.com/exif/1.0/ | In document text (OLE body)
    • http://www.iec.ch | In document text (OLE body)