Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 2b8fda292c7039a1…

MALICIOUS

Office (OLE) / .DOC

Size: 36.0 KB
Created: 2001-04-16 12:41:00
Authoring application: Microsoft Word 8.0
MD5: 029cec994eb7ee6ea00d7785691260a1
SHA-1: 84c4ba0d7ed27523c08ba48777b1b10e1ac04bec
SHA-256: 2b8fda292c7039a1dc305487adcf40077cf60c21437db1340a2f6c2ef8ae66c1
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is a Microsoft Word document containing VBA macros, as indicated by the OLE_VBA_MACROS heuristic. The ClamAV detection 'Doc.Trojan.Passbox-4' strongly suggests malicious intent. The document body presents itself as official legislation concerning municipal salaries, likely a lure to trick the user into enabling macros. No specific IOCs like URLs or hashes were extracted, and the VBA macro content was not detailed enough to determine its exact function beyond being present.

Heuristics 2

  • ClamAV: Doc.Trojan.Passbox-4 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Passbox-4
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    436130a7e719989060e53da1f6f927b7fc178da19d98dc19aaa3981447da2e74
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 3527 bytes