Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f27bc337ff928722…

MALICIOUS

Office (OLE)

Size: 55.0 KB
Created: 1601-01-01 00:00:00
Authoring application: Microsoft Office PowerPoint
First seen: 2015-09-30
MD5: a59fc392a258de5cb5ef15fad1d18e80
SHA-1: 8fe6295c5aedbdc27e898e4a9dd75fd81185ceb4
SHA-256: f27bc337ff92872273be2d30829b30d6e5ed5013d937237efbd6a3eae9b81132
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as Win.Trojan.MSShellcode-6360729-4, indicating the presence of malicious shellcode. The document structure and embedded URL, though benign, suggest an attempt to disguise malicious content. The primary attack vector is likely spearphishing, where the document is sent as an attachment to trick the recipient into opening it.

Heuristics 2

  • ClamAV: Win.Trojan.MSShellcode-6360729-4 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.MSShellcode-6360729-4
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)