Win.Malware.Jaik-7602018-0 — Office (OOXML) malware analysis

Static analysis result for SHA-256 0dcf533297d5a74e…

MALICIOUS

Office (OOXML)

1.14 MB · Created: 2018-12-22 20:06:00 UTC · Authoring application: Microsoft Office Word 14.0000 · First seen: 2019-01-25
MD5: 082b6fe3556f80e2778c749b2b9995ce
SHA-1: a112e6d716554d962df670352261b12d31e5ca16
SHA-256: 0dcf533297d5a74e051c95840e58442203e15af4c1e7432228dec04acb285784
Risk Score: 62

Malware Insights

Win.Malware.Jaik-7602018-0 · confidence 85%

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The file was detected by ClamAV as Win.Malware.Jaik-7602018-0, indicating a known malicious signature. The presence of embedded URLs, though benign in this case, suggests an attempt to interact with external resources. The overall structure and detection point towards a malicious document designed to exploit vulnerabilities and download further malicious content.

Heuristics 2

  • ClamAV: Win.Malware.Jaik-7602018-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Malware.Jaik-7602018-0
  • Embedded URL · info · EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas · In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/markup-compatibility/2006 · In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships · In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/officeDocument/2006/math · In document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing · In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing · In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/wordprocessingml/2006/main · In document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2010/wordml · In document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2010/wordprocessingGroup · In document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2010/wordprocessingInk · In document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2006/wordml · In document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2010/wordprocessingShape · In document text (OOXML body / shared strings)