Win.Trojan.Hyper-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 234e05880a304b42…

MALICIOUS

Office (OLE)

23.0 KB Created: 1997-04-01 00:28:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14
MD5: 79deee784e1f8a3b99ca025b5e8540a9 SHA-1: 5fa351f3e775d32fb4ca54e10cb43601fe14ee11 SHA-256: 234e05880a304b4234c8177d90ac46f34a4b0bca627c5ec48be71599339ba275
100 Risk Score

Malware Insights

Win.Trojan.Hyper-1 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file contains legacy WordBasic macro virus markers and is detected by ClamAV as Win.Trojan.Hyper-1. The document body explicitly mentions infecting Microsoft Internet Explorer via HTML in a temporary file, indicating a payload delivery mechanism. The macro code includes references to `toolsmacro` and `filetemplates`, consistent with macro-based malware.

Heuristics 2

  • ClamAV: Win.Trojan.Hyper-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Hyper-1
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.