Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 fb5380d037ed8d63…

MALICIOUS

Office (OLE) / .DOC

Size: 99.0 KB
Created: 2008-03-05 03:19:00
Authoring application: Microsoft Office Word
MD5: 1bb22a2e6f16a3914e029611d81b66f3
SHA-1: ae779d619be699bfa03108c9c3e0499393c89c8e
SHA-256: fb5380d037ed8d631f876995bd6b294c0d0b00f7d91ca1626d54bace1ea9bf63
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1204 Malicious File

The file is a malicious OLE document. Static analysis revealed a NOP sled and a significant slack space anomaly, indicating the document is likely packed or obfuscated to hide malicious content. The exact exploit or payload could not be determined from the available heuristics.

Heuristics (2)

  • NOP sled detected (severity: high, SC_NOP_SLED)
    Found 20+ consecutive 0x90 bytes.
  • OLE document has large unaccounted-for region (severity: high, OLE_SLACK_ANOMALY)
    OLE file is 101,376 bytes but its declared streams total only 20,635 bytes; the remaining 80,741 bytes (80%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).