Office (OLE) malware analysis — malicious · 3aaf194104418e70

MALICIOUS

Office (OLE)

6.5 KB First seen: 2012-06-14

MD5: 0355e14e03e0746f7574db7723d5ce21 SHA-1: 5bf48a7e7f12355c151fb6fa2d77af8a42596a70 SHA-256: 3aaf194104418e70f5fc344c8146f4012f24ea48b893821fd5ec5c20fbeebdbc

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample exhibits legacy WordBasic macro virus markers, specifically 'RSN MACRO VIRUS', indicating a potentially old but still functional macro-based threat. The embedded document body text, including phrases like 'This is a standard RSN MACRO VIRUS Goat file' and references to 'AutoOpen' and 'ExtrasMakro', further supports the presence of malicious macros. While no specific payload or network activity was directly observed, the presence of these markers strongly suggests the file is designed to execute arbitrary code via macros.

Heuristics 2

ClamAV: Win.Trojan.Nop-12 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Nop-12
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS

OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.