Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 3d9605471c8ec25a…

MALICIOUS

Office (OLE) / .DOC

Size: 9.0 KB
Created: 1997-01-30 01:07:00
Authoring application: Microsoft Word 6.0
MD5: 2b6dfb7ab16a60b8531efdfc80c5555c
SHA-1: b9ebbec8f03fa0e0d66ce5ebba9f7cd1d426fd8a
SHA-256: 3d9605471c8ec25a5aae9409d8ee211336f2aeaed48ff8c49a219962ffa2dd4b
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Doc.Trojan.Concept-1. Static analysis detected a heap-spray pattern, which is often used to facilitate arbitrary code execution. The document body contains VBA macro-like structures and references to AutoOpen and FileSaveAs, indicating that malicious code is likely intended to run automatically when the document is opened. No specific malware family could be confidently identified.

Heuristics (2)

  • ClamAV: Doc.Trojan.Concept-1 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Trojan.Concept-1
  • Heap-spray pattern detected [high] [SC_HEAP_SPRAY]
    Repeated 0x07 bytes found