Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 43aa8bd347a517cf…

MALICIOUS

Office (OLE)

107.0 KB Created: 2015-07-22 22:15:00 Authoring application: Microsoft Office Word First seen: 2015-10-13
MD5: e709026e044c4c4bf1e86102573b27a0 SHA-1: 587841b1bdb888403ed095de076516cd05e3cb15 SHA-256: 43aa8bd347a517cf7270002f362613394458d9b04b552ddf78fe7493e2e769e6
64 Risk Score

Heuristics 3

  • Ole10Native package drops an auto-executable payload critical OFFICE_PACKAGE_RISKY_FILE
    OLE Package displayName or fullPath ends in a directly auto-executable extension (a runnable binary or a script the default shell host runs on double-click). Embedding such a payload inside an Office document has no benign authoring use — it is a malware-delivery dropper.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ole10native_00.bin ole-package OLE Ole10Native stream: ObjectPool/_1499111838/Ole10Native 89075 bytes
SHA-256: a1e9947513205e5aa23b49a3a4901cb94a8dfa3190ca704ac980855b8ad730fc
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.99, consistent with packed or encrypted content.
ole10native_00_CLICK_HERE_TO_UNLOCK_THE_DOCUMENT.jar ole-package-payload OLE Ole10Native payload: ObjectPool/_1499111838/Ole10Native; display_name=CLICK HERE TO UNLOCK THE DOCUMENT.jar; full_path=C:\Users\USER\AppData\Local\Temp\CLICK HERE TO UNLOCK THE DOCUMENT.jar; temp_path=; def_file= 88544 bytes
SHA-256: 5c762b5e612f8670eb29f8a602561e3085f68f3c9d31f1307b702795653cf892

Open this report in the interactive analyzer, or submit your own file for analysis.