Office (OLE) malware analysis — malicious · 3bc60505755f51ce

MALICIOUS

Office (OLE)

30.0 KB Created: 1996-04-27 19:16:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: cb5b050c0229a4b85888f6c9e225bb21 SHA-1: 67598194a33d9d956f00ebd5c45c321f997ebff6 SHA-256: 3bc60505755f51cebadf10e8450b6d7d167f62b6ec5e002fa03cf454c081fc75

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is a legacy Word document containing WordBasic macros, indicated by the 'OLE_LEGACY_WORDBASIC_AUTOEXEC' heuristic firing on the 'AutoOpen' marker. This macro is designed to execute automatically when the document is opened, a common technique for delivering malware. The presence of 'Win.Trojan.Tele-1' in the ClamAV detection further confirms its malicious nature. The document body contains strings like 'LUCIFER.DOC' and 'TELEFONICA' which may be related to the payload or its distribution.

Heuristics 2

ClamAV: Win.Trojan.Tele-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Tele-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.