Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 04bd301f0e5864de…

MALICIOUS

Office (OLE)

23.0 KB Created: 1997-07-10 13:40:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14
MD5: f8ff2fc12313f2b46a99683d61ae09a9 SHA-1: 9a9dc414d0bee31a3ec1c008fcba7344d2255150 SHA-256: 04bd301f0e5864deb9d29c0d67391ee20d18a18ccfe51914cd8f0434fc4eb6d2
100 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a legacy WordBasic macro-virus by heuristics, specifically noting the 'TOOLSMACRO' marker. This indicates the presence of malicious macro code designed to execute automatically when the document is opened, likely to perform harmful actions. The file's age and the nature of the detected threat suggest a classic macro-based malware delivery mechanism.

Heuristics 2

  • ClamAV: Win.Trojan.Percent-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Percent-1
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.