Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 453b5f921cd27e22…

MALICIOUS

Office (OLE)

36.0 KB | Created: 2009-12-03 21:33:00 | Authoring application: Microsoft Word 11.3.5
MD5: ef73d3d6a006aa6ca7be2901c2d17cdf
SHA-1: 86f85bf5f497220ce506025e6133e1d943df5f39
SHA-256: 453b5f921cd27e22e42e0bf0f8fc11766d407117fd8a553548da528321d711ce
Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Doc.Trojan.Claud-3. Static analysis detected VBA macros within the document, indicating a macro-based attack vector. The document body presents itself as an application form, likely a social engineering lure to trick the user into enabling macros and executing the malicious payload.

Heuristics 2

  • ClamAV: Doc.Trojan.Claud-3 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Claud-3
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (d8bef0b2ad442e91550a3b7c1155f8e1d7a918c5649307c005cccb0c3c6b475c) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1853 bytes