Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 34f2cdfa7f88afb1…

MALICIOUS

Office (OLE)

Size: 6.5 KB
Created: 1996-11-28 22:51:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 2bf8d22e88429a85f1cd02c16b33d26e
SHA-1: ab5b4e15c3c9a09fb0c377d649d04694ae823e62
SHA-256: 34f2cdfa7f88afb174ab9b95e905a9243df900c652faa0a3739fbc66eefc7216
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV heuristic indicates this file is recognized as Legacy.Trojan.Agent-466. The presence of a legacy WordBasic auto-exec macro marker ('autoOpen') strongly suggests the document is designed to automatically run malicious code when opened. The document body contains references to file paths and macro names, further supporting the presence of macro-based malicious activity.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-466 (severity: critical, ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Legacy.Trojan.Agent-466
  • Legacy WordBasic auto-exec macro marker (severity: medium, ID: OLE_LEGACY_WORDBASIC_AUTOEXEC)
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.