Office (OOXML) / .DOC malware analysis — malicious · 1ac8c6e43264d5f8

MALICIOUS

Office (OOXML) / .DOC

436.7 KB Created: 2025-10-09 07:48:00 UTC Authoring application: Microsoft Office Word 12.0000

MD5: c8df04596d45aea84e463af745e218b5 SHA-1: 5e3d8a26f2e611da2d25a85f2511714c81458f9b SHA-256: 1ac8c6e43264d5f82d7e80229c75e5d2a9130fb10a23d20cac4fc0412db14b22

140 Risk Score

Heuristics 4

ClamAV: Doc.Downloader.Loda-7570590-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Downloader.Loda-7570590-0
Remote template injection high OOXML_REMOTE_TEMPLATE

Document references a remote template URL (http://91.92.240.104:7777/apexfurllc.top/pagejoe/mydocument.doc) — a common remote-template-injection vector used by Hancitor, Emotet and many phishing campaigns. Word can fetch and apply the remote template; macros in that template may execute depending on Office policy and trust state.
External relationship high OOXML_EXTERNAL_REL

External target in word/_rels/settings.xml.rels: http://91.92.240.104:7777/apexfurllc.top/pagejoe/mydocument.doc
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://schemas.openxmlformats.org/markup-compatibility/2006
- http://schemas.openxmlformats.org/officeDocument/2006/relationships
- http://schemas.openxmlformats.org/officeDocument/2006/math
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing
- http://schemas.openxmlformats.org/wordprocessingml/2006/main
- http://schemas.microsoft.com/office/word/2006/wordml

Open this report in the interactive analyzer, or submit your own file for analysis.