Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 1cf3cb5f2431e6ce…

MALICIOUS

Office (OLE)

1.31 MB
Created: 1998-10-26 05:15:00
Authoring application: Microsoft Word for Windows 95
MD5: 11c71b2368e82cea657b87ddc5db873f
SHA-1: 9deb793c3cdb43864c94f2b572830848cabecf8a
SHA-256: 1cf3cb5f2431e6ce1d8107f60dc014f03d9363644357ddb8e6ff4f670ade0684
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is an OLE document with a high risk score and a critical ClamAV detection for Win.Trojan.Tm-1. The document body contains heavily obfuscated strings and metadata, including references to file paths like 'C:\\Q70-10' and 'A:\\Q70-10', which are likely indicators of dropped or executed payloads. The presence of 'AUTOOPEN' and printer escape codes suggests an attempt to execute code upon opening or interaction.

Heuristics 1

  • ClamAV: Win.Trojan.Tm-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Tm-1