Office (OLE) malware analysis — malicious · 236b0e433a9d516d

MALICIOUS

Office (OLE)

12.0 KB Created: 1997-02-19 15:51:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: 16b5e0cc53ee7048173654678712f5c1 SHA-1: 37c755ddb28f247b34219a83b99265467b49766e SHA-256: 236b0e433a9d516d652263f450f1dc1b1373c91d317959f9790c06d02df3cb2e

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample contains legacy WordBasic macros, specifically an AutoExec marker for FileSaveAs, indicating an attempt to execute malicious code upon opening. The document body explicitly states 'This is a Macro Goat File. You MAY be infected already!', reinforcing the malicious intent. The presence of legacy macro functionality suggests a potential attempt to trick the user into saving a malicious copy of the document.

Heuristics 2

ClamAV: Win.Trojan.SaveCount-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.SaveCount-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.