Win.Trojan.Alliance-13 — Office (OLE) / .DOCX malware analysis

Static analysis result for SHA-256 32ac2ac301f99c09…

MALICIOUS

Office (OLE) / .DOCX

43.5 KB Created: 1998-03-18 18:55:00 Authoring application: Microsoft Word for Windows 95
MD5: daaf4236f89d85ed5fcf8c49c82a5c62 SHA-1: 2069bb72e006aeb49ef442b47013074dcf0cfbee SHA-256: 32ac2ac301f99c09d4c66f382811b135fd77d23f197677d4612de71b992d9fe2
60 Risk Score

Malware Insights

Win.Trojan.Alliance-13 · confidence 95%

The file is identified as a malicious Microsoft Word document by ClamAV, specifically as Win.Trojan.Alliance-13. The document body contains VBA code, including AutoOpen and AutoNew macros, which are commonly used to execute malicious actions upon opening the document. The presence of these macros and the ClamAV detection strongly indicate an attempt to exploit the document's macro functionality to deliver the Alliance trojan.

Heuristics 1

  • ClamAV: Win.Trojan.Alliance-13 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Alliance-13

Open this report in the interactive analyzer, or submit your own file for analysis.