Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 eee37f89a363b511…

MALICIOUS

Office (OLE)

Size: 23.0 KB
Created: 2017-10-26 08:07:00
Authoring application: Microsoft Office Word
First seen: 2022-07-25
MD5: de1a43da5ad1bebe3b9abee150e846b8
SHA-1: f0fba098df350d3fdd2bae7e104d00105216137a
SHA-256: eee37f89a363b5117599262ef4c60dd9550fddc8750ab8712234ab45311c4d2e
Risk Score: 122

Heuristics 3

  • CVE-2007-3899 — Microsoft Word malformed string memory corruption [critical] [CVE] [likely] [CVE_2007_3899]
    Word OLE document has the MS07-060 malformed-string exploit shape: a Word 97-family FIB points to a malformed DOP/string-table region with an abnormal INT_MAX run, inflated text counters, and exploit payload or Mdropper.Z campaign evidence.
  • ClamAV: Doc.Exploit.DDEautoexec-6352494-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Exploit.DDEautoexec-6352494-0
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (in document text, OLE body)