Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 3183bd717fd44623…

MALICIOUS

Office (OLE) / .EXE

Size: 59.5 KB
Created: 1998-07-16 03:58:00
Authoring application: Microsoft Word 8.0
MD5: dbb58813d05dc9eb5c97293e2cd56912
SHA-1: 9250b388e9322775cd483616d8aa59afcbfc8103
SHA-256: 3183bd717fd4462336afec164a9d824fbd41d62bfe3b1a5daddc84ed19911376
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an OLE executable containing VBA macros, specifically an Auto_Close macro, which is a common technique for executing malicious code upon document closure. The document body discusses macro viruses, likely as a lure to encourage the user to enable or interact with the macros. ClamAV detected this as Win.Trojan.Pivis-2, but no specific IOCs like URLs or hashes were extracted from the provided evidence.

Heuristics 3

  • ClamAV: Win.Trojan.Pivis-2 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Pivis-2
  • Auto_Close macro high OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
  cd109c9ed5e41c2480224862204a44ff615841ad69c7cf142a51e2951c54b839
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 46120 bytes