Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e923c3aa42ca3bd2…

MALICIOUS

Office (OLE)

Size: 60.7 KB (62,172 bytes)
Created: 2007-09-18 04:34:00
Authoring application: Microsoft Word 11 (Word 2003)
MD5: 91ffff9c6a1749b648689f5e06505fa0
SHA-1: 4f3269812c40c6adab4244e8633fb050e3c58842
SHA-256: e923c3aa42ca3bd2fd1d2493bb15d833deeaa403c4adc29ade450be421a80ad7
Risk score: 80

Malware Insights

MITRE ATT&CK
T1204 User Execution; T1204.002 User Execution: Malicious File

The file is a Microsoft Word (OLE2) document in which roughly 73% of the bytes lie outside any stream declared in the OLE directory. Unallocated sector slack of that size is a classic place to stash an encoded exploit payload: Word never reads it, and most parsers and scanners never look at it. The SC_PEB_ACCESS heuristic found x86 code that reads the Process Environment Block through the FS segment register (fs:[0x30]), the standard way position-independent shellcode locates loaded modules and resolves Windows APIs without an import table. No specific exploit or payload was identified, but taken together these findings indicate a document built to trigger a parser vulnerability and execute embedded shellcode on the victim's machine rather than a benign file with an unusual layout.
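The PEB-via-FS idiom behind the SC_PEB_ACCESS finding, as an added example that is not the scanner's own logic: the script below searches a buffer for the instruction encodings that read fs:[0x30] (PEB) or fs:[0x18] (TEB), and because payloads hidden in document slack are commonly single-byte XOR encoded, it repeats the search under every key 0x00..0xFF. The opcode patterns are standard x86 encodings; the sample buffer and the 0x5A key are constructed for this example, and the assumption that the scanner's heuristic matches exactly these encodings is mine.

```python
"""Look for the x86 'PEB access via FS segment' shellcode idiom, with single-byte XOR brute force.

Position-independent Win32 shellcode finds kernel32 by loading the PEB pointer from fs:[0x30]
(or the TEB from fs:[0x18], then [teb+0x30]) and walking PEB->Ldr. These encodings are what
a SC_PEB_ACCESS-style check looks for (assumption: the report's heuristic uses similar patterns).
"""
import re

# mov r32, fs:[0x30]  -> 64 A1 30 00 00 00 (eax short form) or 64 8B /r with ModRM 05,0D,15,1D,35,3D
# push dword fs:[0x30] -> 64 FF 35 30 00 00 00
_PEB_ABS = rb"\x64(?:\xA1|\x8B[\x05\x0D\x15\x1D\x35\x3D]|\xFF\x35)\x30\x00\x00\x00"
# mov r32, fs:[r32+0x30] with a disp8 ModRM (mod=01), e.g. 33 C0 64 8B 40 30 after xor eax,eax
_PEB_REG = rb"\x64\x8B[\x40-\x7F]\x30"
# mov r32, fs:[0x18] -> TEB self pointer; shellcode then reads the PEB at [teb+0x30]
_TEB_ABS = rb"\x64(?:\xA1|\x8B[\x05\x0D\x15\x1D\x35\x3D])\x18\x00\x00\x00"

PATTERNS = {
    "peb_abs": re.compile(_PEB_ABS),
    "peb_reg": re.compile(_PEB_REG),
    "teb_abs": re.compile(_TEB_ABS),
}


def xor_bytes(buf: bytes, key: int) -> bytes:
    """Single-byte XOR via a 256-entry translation table (fast, and its own inverse)."""
    return buf.translate(bytes(i ^ key for i in range(256)))


def find_peb_access(buf: bytes, keys=range(256)) -> list:
    """Return sorted (xor_key, offset, tag) for every PEB/TEB-access idiom found.

    Key 0 is the plaintext pass; other keys decode the buffer first, so an
    encoded stub is reported together with the key that reveals it.
    """
    hits = []
    for key in keys:
        plain = xor_bytes(buf, key) if key else buf
        for tag, rx in PATTERNS.items():
            for m in rx.finditer(plain):
                if tag == "peb_reg" and (plain[m.start() + 2] & 7) == 4:
                    continue  # rm=100 means a SIB byte follows; not fs:[reg+0x30]
                hits.append((key, m.start(), tag))
    return sorted(hits)


# Constructed sample (not from the analysed document): the classic kernel32-locator prologue
#   xor eax,eax; mov eax,fs:[eax+0x30]; mov eax,[eax+0xC]; mov esi,[eax+0x1C]; lodsd; mov eax,[eax+8]
STUB = bytes.fromhex("33 c0 64 8b 40 30 8b 40 0c 8b 70 1c ad 8b 40 08")
# ...placed after a plaintext 'mov eax, fs:[0x30]' and XOR-encoded with key 0x5A, surrounded by filler
SAMPLE = (b"\x90" * 32 + bytes.fromhex("64 a1 30 00 00 00") + b"\x90" * 16
          + xor_bytes(STUB, 0x5A) + b"\x00" * 32)

if __name__ == "__main__":
    for key, off, tag in find_peb_access(SAMPLE):
        print(f"key=0x{key:02x} offset={off} {tag}")
```

Run it against the unallocated sectors of a suspicious OLE file rather than the whole document to keep false positives down; legitimate embedded binaries can contain the same encodings, so a hit is a lead for disassembly, not a verdict.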

Heuristics (2)

  • SC_PEB_ACCESS (high): PEB access via FS segment (x86)
    The document contains x86 code that reads the Process Environment Block through the FS segment register (fs:[0x30]). This is the standard shellcode idiom for locating kernel32 and resolving APIs without an import table, and it has no legitimate place in a Word document's data.
  • OLE_SLACK_ANOMALY (high): OLE document has large unaccounted-for region
    The OLE file is 62,172 bytes but its declared streams total only 16,486 bytes; the remaining 45,686 bytes (73%) live in unallocated sector slack. This is the classic hiding place for non-macro Office exploit payloads: XOR-encoded shellcode that becomes reachable once a parser pointer-corruption bug in the document structure redirects execution into it.
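How the slack figure above is obtained, as an added example rather than the scanner's own code: the script below is a minimal OLE2 / Compound File Binary parser that reads the header, DIFAT and FAT, walks the directory chain to sum the sizes the streams declare, and counts the sectors the FAT marks as free. It also reports the report-style "file size minus declared bytes" figure, which additionally includes FAT and directory overhead. The constructed sample document, the stream name "WordDocument", and the 50% flag threshold are assumptions made for this example; the parser assumes a file with at most 109 FAT sectors (no DIFAT sectors beyond the header).

```python
"""Measure unallocated-sector slack in an OLE2 / Compound File Binary (CFB) document."""
import struct

MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
FREESECT, ENDOFCHAIN, FATSECT = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD
NOSTREAM = 0xFFFFFFFF          # "no sibling / no child" marker in directory entries
STREAM, ROOT = 2, 5            # directory entry object types


def analyse(data: bytes) -> dict:
    """Header -> DIFAT -> FAT -> directory; compare declared stream bytes with what is present."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE2/CFB file")
    major, = struct.unpack_from("<H", data, 0x1A)
    shift, = struct.unpack_from("<H", data, 0x1E)
    ssz = 1 << shift                                   # 512 for v3, 4096 for v4
    num_fat, first_dir = struct.unpack_from("<II", data, 0x2C)
    difat = struct.unpack_from("<109I", data, 0x4C)[:num_fat]   # assumption: <=109 FAT sectors
    sector = lambda sid: data[(sid + 1) * ssz:(sid + 2) * ssz]  # sector 0 follows the header
    fat = []
    for sid in difat:
        fat += struct.unpack_from(f"<{ssz // 4}I", sector(sid))
    declared, streams, sid = 0, [], first_dir
    while sid not in (ENDOFCHAIN, FREESECT) and sid < len(fat):
        chunk = sector(sid)
        for off in range(0, ssz, 128):                 # 128-byte directory entries
            e = chunk[off:off + 128]
            if len(e) < 128:
                break
            name_len, kind = struct.unpack_from("<HB", e, 0x40)
            size, = struct.unpack_from("<Q", e, 0x78)
            if major == 3:
                size &= 0xFFFFFFFF                     # v3 defines only the low 32 bits
            if kind == STREAM:
                streams.append((e[:max(name_len - 2, 0)].decode("utf-16-le", "replace"), size))
                declared += size
        sid = fat[sid]
    n_sectors = -(-(len(data) - ssz) // ssz)          # sectors physically present after the header
    free = [i for i in range(n_sectors) if i >= len(fat) or fat[i] == FREESECT]
    return {"file_size": len(data), "declared_bytes": declared, "streams": streams,
            "unaccounted_bytes": len(data) - declared, "free_sectors": free,
            "slack_bytes": len(free) * ssz, "slack_ratio": len(free) * ssz / len(data)}


def slack_anomaly(result: dict, threshold: float = 0.5) -> bool:
    """OLE_SLACK_ANOMALY-style flag: most of the file sits in sectors no stream owns (threshold assumed)."""
    return result["slack_ratio"] >= threshold


def _dir_entry(name, obj_type, child, start, size, left=NOSTREAM, right=NOSTREAM) -> bytes:
    """Pack one 128-byte CFB v3 directory entry."""
    raw = name.encode("utf-16-le") + b"\x00\x00"
    return struct.pack("<64sHBBIII16sIQQIQ", raw, len(raw), obj_type, 1,
                       left, right, child, b"\x00" * 16, 0, 0, 0, start, size)


def build_sample(stream_data: bytes, hidden: bytes) -> bytes:
    """Constructed 512-byte-sector CFB (not the analysed file): sector 0 FAT, sector 1 directory,
    then the stream's sectors, then `hidden` in sectors the FAT leaves marked FREESECT."""
    n_data, n_hidden = -(-len(stream_data) // 512), -(-len(hidden) // 512)
    fat = [FATSECT, ENDOFCHAIN] + list(range(3, 2 + n_data)) + [ENDOFCHAIN]
    fat += [FREESECT] * (128 - len(fat))
    header = struct.pack("<8s16sHHHHH6sIIIIIIIII", MAGIC, b"\x00" * 16, 0x3E, 3, 0xFFFE, 9, 6,
                         b"\x00" * 6, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    header += struct.pack("<109I", 0, *([FREESECT] * 108))           # DIFAT: FAT lives in sector 0
    directory = _dir_entry("Root Entry", ROOT, 1, ENDOFCHAIN, 0)
    directory += _dir_entry("WordDocument", STREAM, NOSTREAM, 2, len(stream_data))
    body = stream_data.ljust(n_data * 512, b"\x00") + hidden.ljust(n_hidden * 512, b"\x00")
    return header + struct.pack("<128I", *fat) + directory.ljust(512, b"\x00") + body


if __name__ == "__main__":
    # Constructed: a 700-byte stream followed by 4 KiB of "hidden" bytes in unallocated sectors
    r = analyse(build_sample(b"W" * 700, bytes(range(256)) * 16))
    print(f"{r['file_size']} bytes, {r['declared_bytes']} declared, "
          f"{r['slack_bytes']} in {len(r['free_sectors'])} free sectors ({r['slack_ratio']:.0%})")
    print("OLE_SLACK_ANOMALY" if slack_anomaly(r) else "slack within normal bounds")
```

The free-sector list is the part worth keeping: dumping exactly those sectors gives you the region to run entropy, XOR-key and shellcode-signature checks over, without the noise of the legitimate streams.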