Office (OLE) malware analysis — malicious · 057bd22ee2712f32

MALICIOUS

Office (OLE)

7.0 KB Created: 1997-01-18 16:50:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: d7c2bd995a6ad994515f3d81790bbbe6 SHA-1: 6e1e83825a37d8640efac032090209c0933742b2 SHA-256: 057bd22ee2712f3243e12258fea1b0f054b57c9b3e2ebda5569620b8a3a647f3

80 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is a legacy Word document containing a WordBasic auto-exec macro named AUTOOPEN, which is a strong indicator of malicious intent. The document body mentions 'A virus from Nightmare Joker' and uses the auto-exec marker, suggesting an attempt to execute malicious code upon opening. The presence of a legacy macro points towards an older, potentially less sophisticated, but still dangerous, malware delivery mechanism.

Heuristics 2

ClamAV: Win.Trojan.Minimal-11 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Minimal-11
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.