Concept Office (OLE) malware analysis — malicious · 1b880b82aba8a2e4

MALICIOUS

Office (OLE)

34.0 KB Created: 1997-05-29 15:22:00 Authoring application: Microsoft Word 8.0 First seen: 2012-06-14

MD5: 24194730b9c472b90a71a3b442e725a9 SHA-1: 88c13101d5981ff1a08c20485b056c4b813d4d71 SHA-256: 1b880b82aba8a2e4c4c19b99547524e1761c2642cad7e9e9ce3244c4333533f4

102 Risk Score

Malware Insights

Concept · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic

The file is identified as a legacy WordBasic macro-virus by heuristic analysis, specifically flagging the presence of 'iMacroCount' which is characteristic of the Concept virus. ClamAV also confirms this detection as 'Doc.Trojan.Concept-28'. Although VBA extraction failed due to an unsupported format, the presence of these markers strongly suggests the execution of malicious macro code, likely for the Concept family.

Heuristics 3

ClamAV: Doc.Trojan.Concept-28 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Trojan.Concept-28
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS

OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (AssertionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.