Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 f1cca63d135eb654…

MALICIOUS

Office (OLE) / .DOC

Size: 96.5 KB
Created: 2001-12-14 14:26:00
Authoring application: Microsoft Word 9.0
MD5: 9b7ad7d80d48cb951d9fbe4d9d66faac
SHA-1: b954344b2e0b27b02785dc1346fb10e39a95dd48
SHA-256: f1cca63d135eb654a55713bd1892632900ae15d37b2efdc467c29bd6f755f45d
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is a Microsoft Word document exhibiting characteristics of malicious code execution. Heuristics detected a NOP sled and an XOR decoder, commonly used to obfuscate shellcode. The document body is heavily obfuscated and unreadable, further supporting the presence of malicious intent. Without further script analysis or network indicators, the exact payload and delivery mechanism remain unclear.

Heuristics (2)

  • NOP sled detected (high, SC_NOP_SLED)
    Found 20+ consecutive 0x90 bytes
  • XOR decoder loop stub (high, SC_XOR_DECODER)
    XOR decoder loop stub