Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 443517d3e2322fac…

MALICIOUS

Office (OLE)

Size: 15.0 KB
Created: 1997-02-07 20:47:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: a77970088c74751c25a56e338180b292
SHA-1: efccb5a9a7b19c5570bbc5f8f09b3e350c9b7cce
SHA-256: 443517d3e2322fac4d384870e47cf2e6edff10b1d12e2957b04c8b6d56b1964d
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample carries legacy WordBasic macro-virus markers, specifically 'ToolsMacro', the WordBasic name of the Tools > Macro command that macro viruses of the Word 6/95 era routinely defined or called to copy their macros into the global template and to hide them from the user. Macros of this kind run automatically when the document is opened and can execute arbitrary WordBasic commands, including dropping or fetching further payloads. The metadata is consistent with that era (authored in Microsoft Word 6.0, created 1997-02-07), and the ClamAV detection as Win.Trojan.Color-3 independently supports the malicious verdict.

Heuristics (2)

  • ClamAV: Win.Trojan.Color-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Color-3
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    The OLE Word document contains legacy WordBasic auto-execution macro markers (AutoOpen and similar) together with macro-manipulation names (ToolsMacro, MacroFile, FileMacro, GlobMacro) or the names of known historical macro viruses. Word 6/95 stores these macros in its own WordBasic format rather than as a VBA project, so tooling that only extracts VBA source from the usual project streams can miss them entirely; a byte-level scan of the document's streams is needed to surface them.
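Added example, not part of the original report or of the scanner that produced it: a byte-level detector that implements the heuristic described above. It checks for the OLE compound-file magic, then looks for an auto-execution macro name and a macro-manipulation name in both ASCII and UTF-16LE, case-insensitively, so it does not depend on a VBA project being present. The marker lists are the page's own (AutoOpen and the ToolsMacro/MacroFile/FileMacro/GlobMacro family); the other Auto* names and MacroCopy are added from WordBasic and are an assumption about what an analyst would also want to match. The two sample byte strings are constructed for the example, not taken from the real file.

```python
# Constructed example: byte-level scan for legacy WordBasic macro-virus markers
# in an OLE document. Not the original scanner's code.

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Auto-execution macro names. AutoOpen is the one named on the page; the others
# are WordBasic's remaining Auto* macros (added here as an assumption).
AUTO_EXEC_MARKERS = ("AutoOpen", "AutoClose", "AutoExec", "AutoNew", "AutoExit")

# Macro-manipulation names from the page's heuristic, plus MacroCopy, the
# WordBasic statement used to copy macros between templates (added assumption).
MACRO_OP_MARKERS = ("ToolsMacro", "MacroFile", "FileMacro", "GlobMacro", "MacroCopy")


def is_ole(data: bytes) -> bool:
    """True if the buffer starts with the OLE compound-file signature."""
    return data[:8] == OLE_MAGIC


def _contains(data_lower: bytes, marker: str) -> bool:
    """Case-insensitive search for the marker in ASCII or UTF-16LE encoding.

    data_lower must already be bytes.lower()'d; bytes.lower() only folds ASCII
    letters, so the NUL bytes of UTF-16LE text are left intact.
    """
    m = marker.lower()
    return m.encode("ascii") in data_lower or m.encode("utf-16-le") in data_lower


def find_markers(data: bytes) -> dict:
    """Return which auto-exec and macro-manipulation markers occur in data."""
    lowered = data.lower()
    return {
        "auto_exec": [m for m in AUTO_EXEC_MARKERS if _contains(lowered, m)],
        "macro_ops": [m for m in MACRO_OP_MARKERS if _contains(lowered, m)],
    }


def classify(data: bytes) -> str:
    """Apply the page's rule: auto-exec marker AND macro-manipulation marker."""
    if not is_ole(data):
        return "not-ole"
    found = find_markers(data)
    if found["auto_exec"] and found["macro_ops"]:
        return "legacy-wordbasic-macro-virus-markers"
    if found["auto_exec"]:
        return "auto-exec-only"
    return "no-markers"


# Constructed samples: a fake 512-byte header sector followed by macro text.
SAMPLE_INFECTED = (
    OLE_MAGIC
    + b"\x00" * 504
    + b"Sub MAIN\rAutoOpen\r"               # auto-exec name in ASCII
    + "ToolsMacro".encode("utf-16-le")       # macro-op name in UTF-16LE
    + b"\x00" * 32
)
SAMPLE_AUTOOPEN_ONLY = (
    OLE_MAGIC + b"\x00" * 504 + b'AutoOpen\rMsgBox "hello"\r'
)

if __name__ == "__main__":
    for name, blob in (("infected", SAMPLE_INFECTED), ("auto-only", SAMPLE_AUTOOPEN_ONLY)):
        print(name, classify(blob), find_markers(blob))
```

Against a real document, feed each stream extracted with an OLE parser (for example olefile's openstream) rather than the raw file: OLE stores streams in 512- or 4096-byte sectors that need not be contiguous, so a marker straddling a sector boundary can be split in the raw bytes and missed by a whole-file scan. The rule also deliberately requires both marker classes; an AutoOpen name alone is common in benign legacy documents and only warrants the weaker "auto-exec-only" verdict.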