Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 2fddc89b3629311d…

MALICIOUS

Office (OLE) / .DOC

Size: 31.5 KB
Created: 2010-05-04 15:36:00
Authoring application: Microsoft Word 9.0
MD5: 813c301635e063f5a2047522c262d503
SHA-1: db2712be0e22ff06fcf9099a02740d4d332d8c5c
SHA-256: 2fddc89b3629311ddf97add35c950388a994c093007f7b706e9f67015cb218cd
Risk Score: 140

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1059.005 Visual Basic

The sample contains VBA code that leverages Windows Script Host (WScript) and ShellExecute to write a VBScript named 'FS6519.dll.vbs' to the system's Windows directory. It also attempts to copy this script and an 'autorun.inf' file to all accessible drives, including removable media, to achieve persistence. The ClamAV detection 'Win.Trojan.Flesh-3' further supports its malicious nature.

Heuristics (3)

  • ClamAV: Win.Trojan.Flesh-3 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Flesh-3
  • Reference to ShellExecute API (severity: high, rule: SC_STR_SHELLEXEC)
  • Reference to Windows Script Host (severity: high, rule: SC_STR_WSCRIPT)