Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 2c6a243ff50c0c64…

MALICIOUS

Office (OLE)

37.5 KB
Created: 1997-10-13 12:49:00
Authoring application: Microsoft Word 8.0
MD5: 0d1840268548173d9492aa448acda706
SHA-1: a4901da090ae8f448088b73163b2b8616f99fb7c
SHA-256: 2c6a243ff50c0c64f0658f7b88debbe56d8838f1f5d36fab5b3aae03cbbea531
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Doc.Trojan.Horn-2. Static analysis revealed the presence of VBA macros, specifically an 'AutoOpen' macro, which is a common technique for executing malicious code upon document opening. The document body contains the word 'horn', which may be related to the malware name.

Heuristics 3

  • [critical] ClamAV: Doc.Trojan.Horn-2 (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Horn-2
  • [high] AutoOpen macro (OLE_VBA_AUTOOPEN)
    AutoOpen macro
  • [medium] VBA macros detected (OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (c23dedd921deb3b37c4defa10bf1ff54caa1c583d0820a30c1ff196c8886c152) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1755 bytes