Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 38ad2f38f9a26f5c…

MALICIOUS

Office (OLE)

Size: 40.5 KB
Created: 2003-10-14 11:14:00
Authoring application: Microsoft Word 8.0
MD5: 4ec9bdf03e13b7b0f852f0f61a16e93d
SHA-1: 5f16e78ae3d6db1b8f921455d60ef5e3779294b3
SHA-256: 38ad2f38f9a26f5c45b87c35e1d89591c7c0679e8cd4e9bcf44ef8155173e4bd
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an OLE document containing VBA macros, specifically an AutoOpen macro, which is a common technique for initial execution. The AutoOpen macro is designed to run automatically when the document is opened, indicating an attempt to execute malicious code. No specific family could be identified, but the presence of AutoOpen suggests a downloader or initial execution stage.

Heuristics (2)

  • AutoOpen macro (high): OLE_VBA_AUTOOPEN
    AutoOpen macro
  • VBA macros detected (medium): OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (01686d1937d61d1482fbc6f6b7e500fd3078bbc5709624ffc98228a81b60cdaa) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 3949 bytes