Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 24224fe87786ff2e…

MALICIOUS

Office (OLE)

10.0 KB Created: 1998-12-26 18:19:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14
MD5: 4bb819d0ab8d9c2e1d6610af520c10d5 SHA-1: 01d7cbcb1f36361fe74237f80cac75c01961483e SHA-256: 24224fe87786ff2e32f9d8b414670bd5389cb895df1e83eba7f0afa5ecf3d829
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains legacy WordBasic auto-exec macro markers, specifically 'AuTOOPEn', which is indicative of malicious macro execution upon opening. ClamAV also detected this file as 'Legacy.Trojan.Agent-448'. No specific family could be identified, but the presence of auto-exec macros suggests an attempt to run arbitrary code.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-448 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-448
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.