Win.Trojan.Emperor-7 — Office (OLE) malware analysis

Static analysis result for SHA-256 2b5c535e3984c083…

MALICIOUS

Office (OLE)

17.5 KB Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: 81a96078f232f0d3fdb258db3cddb2f1 SHA-1: add1b5b3c23ea551d27293cc399d8315fbe514e7 SHA-256: 2b5c535e3984c08341b9313662de64434a94b4a903045c91d5a245e73a1af10f
60 Risk Score

Malware Insights

Win.Trojan.Emperor-7 · confidence 85%

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Win.Trojan.Emperor-7. The document body contains garbled text, suggesting it may be a lure for a macro-based attack. The presence of Office metadata and the ClamAV detection strongly indicate a macro-enabled Excel file designed to execute malicious code upon opening.

Heuristics 1

  • ClamAV: Win.Trojan.Emperor-7 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Emperor-7