MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
The file exhibits characteristics of a legacy WordBasic macro virus, specifically identified by the 'TOOLSMACRO' marker. ClamAV detection confirms it as Win.Trojan.Box-3. The presence of these indicators strongly suggests the document is intended to execute malicious code, likely for further system compromise.
Heuristics 3
- ClamAV: Win.Trojan.Box-3 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Win.Trojan.Box-3
- Heap-spray pattern detected high SC_HEAP_SPRAY
  Repeated 0x07 bytes found
- Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
  OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.