Malicious Office (OLE) / .DOT — malware analysis report

Static analysis result for SHA-256 21a4aded5a05c2bf…

MALICIOUS

Office (OLE) / .DOT

Size: 599.5 KB
Created: 2004-02-20 11:17:00
Authoring application: Microsoft Office Word
MD5: 382d4aac8ef1aea21762ba62626be8b3
SHA-1: dd163e9377dcf4b8581fed2da4d466dc0b0cc773
SHA-256: 21a4aded5a05c2bffa7abd147efb5f24f06daca4f88dbff855fc42b7caa13746
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is a Microsoft Office template (.DOT) containing a large VBA macro. The presence of AutoOpen and Auto_Close macros indicates that malicious code is designed to execute automatically when the document is opened or closed. The macro source is substantial, suggesting complex functionality, likely for downloading and executing additional payloads. No specific family could be identified from the available heuristics.

Heuristics 3

  • AutoOpen macro [high] OLE_VBA_AUTOOPEN
    AutoOpen macro
  • Auto_Close macro [high] OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (f7de84c827ed2489fbf7a60f49d302f11b41083c1847d0525c6b9e55cd5f7399) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 145330 bytes