Malicious Office (OLE) / .VIR — malware analysis report

Static analysis result for SHA-256 314872be80d618f9…

MALICIOUS

Office (OLE) / .VIR

31.0 KB
Created: 1997-09-16 02:44:00
Authoring application: Microsoft Word for Windows 95
MD5: 280a4166cea73b8d84a703847bfdfec0
SHA-1: a747c492fd98bcf991b84c1bf64094b1daacf440
SHA-256: 314872be80d618f9974226df2197a4c55ab7c1ba65cb939f10f92a3bec0f1de7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as Win.Trojan.Cap-1 by ClamAV. The document body contains a seemingly legitimate letter regarding a bus rental, but the presence of numerous VBA macro names such as AutoOpen, AutoExec, and ToolsMacro, together with the OLE/VIR file type, strongly suggests malicious macro execution. The body content is likely a lure to encourage the user to enable macros.

Heuristics (1)

  • ClamAV: Win.Trojan.Cap-1 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Cap-1