MALICIOUS
200
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The OOXML file contains an embedded OLE object which, according to heuristics, drops an auto-executable payload. This payload was identified by ClamAV as the EICAR test signature, confirming its malicious nature. The embedded OLE object is the primary indicator of malicious activity, suggesting an attempt to deliver a malicious executable to the user.
Heuristics 3
-
ClamAV: Eicar-Test-Signature critical CLAMAV_DETECTIONClamAV detected this file as malware: Eicar-Test-Signature
-
Ole10Native package drops an auto-executable payload critical OFFICE_PACKAGE_RISKY_FILEOLE Package displayName or fullPath ends in a directly auto-executable extension (a runnable binary or a script the default shell host runs on double-click). Embedding such a payload inside an Office document has no benign authoring use — it is a malware-delivery dropper.
-
Embedded OLE object medium OOXML_OLE_OBJECTDocument contains an embedded OLE object
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
ooxml_oleobject_00.bin |
ooxml-ole-object | OOXML embedded OLE part: xl/embeddings/oleObject1.bin | 2560 bytes |
SHA-256: 4ded53410ba947573d4dcaf4aec4da365ccec6b6e4bd55c6fab558d603e49de7 |
|||
|
Detection
ClamAV:
Eicar-Test-Signature
Obfuscation or payload:
unlikely
|
|||
ooxml_oleobject_00_ole10native_00.bin |
ole-package | OOXML xl/embeddings/oleObject1.bin Ole10Native stream: Ole10Native | 317 bytes |
SHA-256: 2fd88ddf92804d289db4fdf341738339cda0e9453ae5ed04ca68e1e5d583b5dd |
|||
emf_00.emf |
ooxml-emf | OOXML EMF part: xl/media/image1.emf | 4988 bytes |
SHA-256: 8e389114f1100f1fd7bc2b2d7ddb7ad9e00c220d89bfceb40e371ed32caed6df |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.