Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 407f45e9adbdc104…

MALICIOUS

Office (OLE)

68.5 KB
Created: 2010-06-30 11:54:08
Authoring application: Microsoft PowerPoint
MD5: c045a516b3b6b52058828a01113fde9f
SHA-1: 3a36f45e62012de0ea29528260dab28ebbed15a7
SHA-256: 407f45e9adbdc104c9c42279afb4d2c4ab456f5491ecfe360cd0f54b7d2c3143
Risk Score: 60

Malware Insights

The sample is a PowerPoint file containing VBA macros. The macro attempts to disable security warnings and then uses Outlook to send copies of the document to contacts. It also attempts to infect the Normal template and the active document with its macro code. The ClamAV heuristic also flags it as Doc.Trojan.Venom-1. The macro's behavior suggests it is a worm designed to spread via email. Confidence is lowered due to the truncated nature of the script and the lack of specific indicators for a known family.

Heuristics 1

  • ClamAV: Doc.Trojan.Venom-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Venom-1