Win.Trojan.Pelo-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 3ffa920e4880b684…

MALICIOUS

Office (OLE)

7.0 KB · First seen: 2012-06-14
MD5: 3c0fc9205e84e1ba2322ae62f7ee6d2c
SHA-1: 4c893ffc5e8f0337ca19a6dac3f32dd8e8c6d3f9
SHA-256: 3ffa920e4880b68447c897e19f0e23c93575c9184b062e21f59e4bcc74febbc2
Risk Score: 100

Malware Insights

Win.Trojan.Pelo-1 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The sample was detected as Win.Trojan.Pelo-1 by ClamAV and exhibits legacy WordBasic macro virus markers. The document body contains text that appears to be part of a standard document but includes markers indicative of a macro virus, suggesting it is designed to spread or execute malicious code via macros.

Heuristics (2)

  • ClamAV: Win.Trojan.Pelo-1 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Pelo-1
  • Legacy WordBasic macro-virus markers · high · OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.