Office (OLE) / .DOC malware analysis — malicious · 42f17ba73ab478f7

MALICIOUS

Office (OLE) / .DOC

47.5 KB Created: 2010-04-29 07:45:00 Authoring application: Microsoft Office Word

MD5: d530b5be96a65cf5c9a9a55bbabe1a2e SHA-1: d3431db47d9c1961133b8b6eea3818a26f3a9f7f SHA-256: 42f17ba73ab478f79b7c047649734eaed4402a85ce9a735a8db94c8bdd496be4

62 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is a malicious Office document containing VBA macros. The document body presents a form related to safety production inspection statistics, likely as a lure to trick the user into enabling macros. The presence of VBA macros and a heap spray pattern suggests the execution of malicious code. No specific family could be identified.

Heuristics 3

Heap-spray pattern detected high SC_HEAP_SPRAY

Repeated 0x41 (A) bytes found
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `acb34cc2552147e7ddb95089b61c89c94e3845fcb67bcb3948eb770f1b049a0f`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	9486 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 15 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.