Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 06cd680827ada22a…

MALICIOUS

Office (OLE)

Size: 7.0 KB
First seen: 2012-06-14
MD5: cce2117ae43645d24c431017fcab4939
SHA-1: b8fd874ea56d8857ba6527af72339476c16091bb
SHA-256: 06cd680827ada22af579d897b5c4e4641cf9ea5d9f8a4ad1874dd6fc026ea258
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample exhibits characteristics of a legacy macro virus, specifically identified by 'RSN MACRO VIRUS' markers and ClamAV detection as 'Win.Trojan.MWVCK-1'. The embedded text and office facts confirm the presence of legacy macro code, likely intended to infect other documents or spread itself. The family is unknown due to the age and generic nature of the indicators.

Heuristics (2)

  • ClamAV: Win.Trojan.MWVCK-1 (severity: critical; ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.MWVCK-1
  • Legacy WordBasic macro-virus markers (severity: high; ID: OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.