Win.Trojan.JunkFace-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 30edbdd5b05de0f3…

MALICIOUS

Office (OLE)

13.0 KB Created: 1601-01-01 00:00:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14
MD5: 6f8e7a6f8831906b6db7edc33ceb77f2 SHA-1: 5626cb7cfbc0ffe3c2a3b354433dfda8ae9492af SHA-256: 30edbdd5b05de0f3fcbf13fba61922bfe40fa165b77012e2ce9c57e326695124
100 Risk Score

Malware Insights

Win.Trojan.JunkFace-1 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Win.Trojan.JunkFace-1. Heuristics indicate the presence of legacy WordBasic macro virus markers, specifically 'ToolsMacro'. The document body contains strings like 'Hi you!! my name is Junkies! (c)NoMercy 1997' and references to 'AutoClose' and 'ToolsMacro', further supporting the presence of macro-based malicious activity.

Heuristics 2

  • ClamAV: Win.Trojan.JunkFace-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.JunkFace-1
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.