Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 fe4540b09d765899…

MALICIOUS

Office (OLE)

Size: 367.0 KB
Created: 2001-12-22 10:49:00
Authoring application: Microsoft Word 9.0
MD5: 9b0a3e1467695b7867b91ee79aa26aeb
SHA-1: c79252b6e9b88083003d285ac1c21c6f93f10c4e
SHA-256: fe4540b09d7658993335572361f8716619c28db88657016209a7b2ce2ea54e6b
Risk Score: 140

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.001 PowerShell

The sample is an OLE document that contains references to the WinExec and VirtualAlloc APIs, indicating potential code execution. The presence of an 'Ole10Native' stream strongly suggests exploitation of CVE-2026-21514. Although the document body appears to be academic course information, the heuristic 'SE_ADVANCE_FEE_SCAM_LURE' indicates the content is a lure for an advance-fee fraud. No scripts were extracted; the embedded OLE object itself is the primary indicator of compromise.

Heuristics (4)

  • OLE with Ole10Native — possible CVE-2026-21514 exploitation (severity: high; CVE likely; ID: CVE_2026_21514)
    Document contains a Word OLE object with Ole10Native plus executable, PE, or risky remote-link indicators. CVE-2026-21514 exploits OLE metadata validation; this stronger structure is treated as likely exploitation.
  • Reference to WinExec API (severity: high; ID: SC_STR_WINEXEC)
  • Advance-fee lottery/parcel scam lure (severity: high; ID: SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Reference to VirtualAlloc API (severity: medium; ID: SC_STR_VIRTUALALLOC)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: ole10native_00.bin
SHA-256: a4d9f2f9b86968c686007104bab2e9fcbb4f6b3203501aaff5550304dab87c9b
Kind: ole-package
Source: OLE Ole10Native stream: ObjectPool/_1009710835/Ole10Native
Size: 41580 bytes