Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 02b8d50098dcc497…

MALICIOUS

Office (OLE)

Size: 13.0 KB
Created: 2027-12-31 00:00:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 2831f9735132c99b473db9bfcacafed2
SHA-1: 35e0402128f8f2a1f67baf6fb21aeb622c73fb89
SHA-256: 02b8d50098dcc49742ae96cc335fab7a94acbb4943b214817b9aecbf7290cd0e
Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The sample is identified as malicious by ClamAV with the signature Win.Trojan.Pox-11. A legacy WordBasic auto-exec macro marker, specifically 'AutoOpen', was detected, indicating an attempt to automatically execute malicious code upon opening the document. This suggests a spearphishing attachment attack vector.

Heuristics (2)

  • ClamAV: Win.Trojan.Pox-11 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Pox-11
  • Legacy WordBasic auto-exec macro marker (medium, OLE_LEGACY_WORDBASIC_AUTOEXEC)
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.