Malicious Office (OLE) / .TXT — malware analysis report

Static analysis result for SHA-256 150cb73b720ecf3e…

MALICIOUS

Office (OLE) / .TXT

Size: 38.5 KB
Created: 2000-03-29 23:45:00
Authoring application: Microsoft Word 8.0
MD5: 00432ef3362edc757632a9c7be78962a
SHA-1: bceb65505fab5d87317335d555fa0671d2ca9775
SHA-256: 150cb73b720ecf3eacd4d4f71552f063d7361048f45761289ad73906030897e6
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file contains VBA macros, with a high-severity heuristic indicating a 'Document_Open' macro is present. The macro attempts to write its own code to 'c:\cont.dbl', suggesting it is designed to execute malicious code or download a second-stage payload. The ClamAV detection 'Doc.Trojan.Blaster-7' further confirms its malicious nature.

Heuristics (3)

  • ClamAV: Doc.Trojan.Blaster-7 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Blaster-7
  • Document_Open macro (severity: high, rule: OLE_VBA_DOCOPEN)
    Document_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas (a9bce6cdf273eb8e0d05557e09a02afc68081a9b30e95b8f86d52092f6ee0dd7)
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 26205 bytes