Our analysis of =>Feb 22 CVE-2006-6456 MS Word Taiwan 2010 from email@example.com Febr 22, 2010 4:17 AM
"The "taskmgr.exe" embedded from offset 0x24E00. The exe is XOR'ed with 64 bit key 0xCA5039AF00000000. If you XOR the file again with same key you'll find the exe headers at offset 0x24E00." Please see the screenshot below.