Formbook — Office (OOXML) / .DOC malware analysis

Static analysis result for SHA-256 168170b8545a06d2…

MALICIOUS

Office (OOXML) / .DOC

Size: 57.7 KB
Created: 2020-04-23 13:14:00 UTC
Authoring application: Microsoft Office Word 12.0000
MD5: df7781e86ece99c8b65bac8a72bc26b9
SHA-1: 8a8311a0093730a2e8fff9f699fba868819aa667
SHA-256: 168170b8545a06d2c954de7536babc3a077cccc20c18aab3f16ee9bbe9ca7596
Risk Score: 62

Malware Insights

Formbook · confidence 95%

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected by ClamAV as Doc.Downloader.Formbook, indicating it is a downloader for the Formbook malware family. The presence of embedded URLs, though benign in this case, is typical for such documents. The primary function is to download and execute a second-stage payload, likely leading to further compromise.

Heuristics (2)

  • ClamAV: Doc.Downloader.Formbook-bc97c1e0c33c3c93-9951465-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Formbook-bc97c1e0c33c3c93-9951465-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://schemas.openxmlformats.org/markup-compatibility/2006
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships
    • http://schemas.openxmlformats.org/officeDocument/2006/math
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing
    • http://schemas.openxmlformats.org/wordprocessingml/2006/main
    • http://schemas.microsoft.com/office/word/2006/wordml