Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 42946241fe20692d…

MALICIOUS

Office (OLE) / .DOC

40.0 KB Created: 2001-05-31 12:35:00 Authoring application: Microsoft Word 8.0
MD5: db9bc984ccbcdd18bf1a15af5e1980d7 SHA-1: 3e7bc9d33ed5136834250223c9b7087436e7cafa SHA-256: 42946241fe20692dc2d382c4ee2a39977018c9745c9f47704f95a525ee43c9e3
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is a Microsoft Word document containing VBA macros, specifically triggering an AutoOpen macro. This indicates an attempt to automatically execute code when the document is opened. While the macro content is truncated, the presence of an AutoOpen macro strongly suggests a malicious intent, likely to download and execute a secondary payload. No specific family could be identified from the available evidence.

Heuristics 2

  • AutoOpen macro high OLE_VBA_AUTOOPEN
    AutoOpen macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
15e536d83f91cdc6d61766ab9e2bdebf5b8b07c3655d99b11e297b061cdd2815		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1860 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.