Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 2c209ea0a203f0a1…

MALICIOUS

Office (OLE) / .PPT

Size: 1.84 MB
Created: 2002-11-06 15:55:26
Authoring application: Microsoft Office PowerPoint
MD5: e305efd49cfe8acecb9e5d20c57a1b52
SHA-1: 6e085129de9c49c53c2640e44cd41a13259778a2
SHA-256: 2c209ea0a203f0a1b70dd2a65ed23d16f3136104989d4b4875a93f5b59b418b1
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as malicious by ClamAV with the signature Win.Joke.Apeldorn-1. It contains VBA macros, indicating a potential for malicious script execution. The document body discusses various types of malware, which could be a pretext for a social engineering attack. An embedded URL, http://www.elhacker.net/hacking-programas-hack.htm, is present and marked as unknown, suggesting it could be a command and control server or a distribution point.

Heuristics 3

  • ClamAV: Win.Joke.Apeldorn-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Joke.Apeldorn-1
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.elhacker.net/hacking-programas-hack.htm
    • http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (989c544450e12075d7f7cf2d8076ed3a8c76fb98f9baf9730f2d2d118297fda1)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 501 bytes