Doc.Trojan.Acid-6 Office (OLE) / .ACI malware analysis — malicious · 349510fa27af855a

MALICIOUS

Office (OLE) / .ACI

33.5 KB Created: 1998-02-01 21:32:00 Authoring application: Microsoft Word 8.0

MD5: c56073967ed50eaf51502aa839ba6c3e SHA-1: e9c2020d4f58c66f137b6e034cce8897a163516f SHA-256: 349510fa27af855a3f58b5a8797afb160c2421ff5cfc0b5f691149e3392d91d3

180 Risk Score

Malware Insights

Doc.Trojan.Acid-6 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Doc.Trojan.Acid-6. Static analysis detected VBA macros, specifically an AutoOpen macro, which is a common technique for executing malicious code upon opening the document. The presence of the AutoOpen macro and the ClamAV detection strongly suggest the document is designed to deliver a payload.

Heuristics 4

ClamAV: Doc.Trojan.Acid-6 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Trojan.Acid-6
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
AutoOpen macro high OLE_VBA_AUTOOPEN

AutoOpen macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `f2c532d9417dd2d43554ea34520130302dcee12a268c8356945c4f3c5f7e809c`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	3892 bytes
Detection ClamAV: Doc.Trojan.Acid-6 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.