Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 1d978375afa9fca1…

MALICIOUS

Office (OLE) / .DOC

31.0 KB Created: 2018-08-06 13:32:00 Authoring application: Microsoft Office Word
MD5: 6fbadff0dfea598344dfd745651519a5 SHA-1: 2876693e03de35a36122f54721245f3a1ec89904 SHA-256: 1d978375afa9fca1578a179478e5d0527e36bf8f9318d7cdc161f7b25c55c8df
60 Risk Score

Heuristics 3

  • AutoOpen macro high OLE_VBA_AUTOOPEN
    AutoOpen macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://outflank.nl/blog/2018/08/06/html-smuggling-explained/
    • http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
f74ebb426b135ec0706a427ab7dbeb9b5c008b51ba8a0761ef04b6a101f443a6		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 392 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.