Office (OLE) malware analysis — malicious · 1a95b2a0eac132b7

MALICIOUS

Office (OLE)

13.5 KB Created: 1996-04-22 12:39:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: 303b8a530206735cca48953a8909f84b SHA-1: 2a43cdd5139d3045f62965424cd46f32ff8b1808 SHA-256: 1a95b2a0eac132b776535d69dbb02dfe35cadcfba855d6d1f539d953ba0ef2b5

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is an OLE document containing legacy WordBasic auto-execution markers, specifically 'AutoOpen'. This indicates an attempt to run malicious code when the document is opened. The ClamAV detection as 'Win.Trojan.Phantom-6' further supports its malicious nature. The presence of auto-exec macros suggests a downloader or dropper functionality, likely delivered via spearphishing.

Heuristics 2

ClamAV: Win.Trojan.Phantom-6 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Phantom-6
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.