Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 18cde1ad374703b5…

MALICIOUS

Office (OLE)

Size: 373.5 KB
Created: 1993-01-07 15:31:00
Authoring application: Microsoft Word 6.0
MD5: 24b8ab0580008add4a44b103500d4115
SHA-1: 9dc6bb6ef933366158eac14bf2c467c744df7179
SHA-256: 18cde1ad374703b521715f4d7f83a2c1692f4ee14c6a7f9d22c5b1209524c6a4
Risk Score: 160

Malware Insights

The sample is identified as malicious by ClamAV with the signature Win.Trojan.Cap-1. Heuristics indicate references to LoadLibrary and GetProcAddress APIs, common in malware for loading additional functionality. The 'SE_CALLBACK_LURE' heuristic suggests the document's content is designed to trick users into calling a phone number, characteristic of callback phishing or tech-support scams.

Heuristics (4)

  • ClamAV: Win.Trojan.Cap-1 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Cap-1
  • Reference to LoadLibrary API [high] (SC_STR_LOADLIBRARY)
    Reference to LoadLibrary API
  • Reference to GetProcAddress API [high] (SC_STR_GETPROCADDRESS)
    Reference to GetProcAddress API
  • Callback phishing phone lure [medium] (SE_CALLBACK_LURE)
    Document asks the user to call a phone number in a billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.