Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 1fe48db9b33d1e21…

MALICIOUS

Office (OLE) / .DOC

Size: 88.5 KB
Created: 2010-04-29 07:44:00
Authoring application: Microsoft Office Word
MD5: 4c853b1b1e3a4514462d04298c925e12
SHA-1: e7fde13f834c7c05478f7075aaa0436a6aedda9e
SHA-256: 1fe48db9b33d1e210c58f8a69e0eadfed9b8efbd48a3998cd2cdccbf160741de
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.005 Visual Basic

The sample is a malicious OLE document containing VBA macros. The document body presents a form for reporting warehouse information, likely as a lure. The presence of VBA macros and a detected heap spray pattern indicates that the document is designed to execute malicious code. The extracted 'macros.bas' file is the primary artifact containing the malicious payload.

Heuristics 3

  • Heap-spray pattern detected [high] SC_HEAP_SPRAY
    Repeated 0x41 (A) bytes found
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code
  • Suspicious extracted artifact [info] EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (acb34cc2552147e7ddb95089b61c89c94e3845fcb67bcb3948eb770f1b049a0f)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 9486 bytes

Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 15 long base64-like blob(s).