Malicious Office (OLE) / .KAM — malware analysis report

Static analysis result for SHA-256 1cea60fe6024a4b4…

MALICIOUS

Office (OLE) / .KAM

40.0 KB
MD5: b62a7dd77ffcbeaba50600cca51f35f3
SHA-1: 0e4a6d594a30ab66ff8328d944df22dbe0fc4254
SHA-256: 1cea60fe6024a4b4374bd999a6012cc831ec7f35a3cd7d30583f8de757ddef4f
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

ClamAV detects the file as Win.Worm.Kamar-1, and the file contains XOR-encoded strings, indicating malicious intent. The document body discusses Dial-Up Scripting Command Language, which could be a lure to trick users into running embedded malicious scripts. The use of the single-byte XOR key 0x4F to encode strings is a strong indicator of obfuscation used by malware.

Heuristics (2)

  • XOR-encoded strings (key 0x4F) [severity: critical, rule: SC_XOR_ENCODED]
    Found 1 Windows library/API name(s) XOR-encoded with single-byte key 0x4F: 'ExitProcess'
  • ClamAV: Win.Worm.Kamar-1 [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Worm.Kamar-1