Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 53c73973d20bd7b8…

MALICIOUS

Office (OOXML)

Size: 317.3 KB
Created: 2012-09-03 04:14:00 UTC
Authoring application: Microsoft Office Word 12.0000
First seen: 2021-02-23
MD5: e68ac9e407477b29073ebe4a15e1f520
SHA-1: 449161417b1abec698dc6b2833d0306f22476d39
SHA-256: 53c73973d20bd7b826697ba2548de7003adbb1708403f0c7e7861c95d94433ad
Risk Score: 70

Heuristics (3)

  • ClamAV: Win.Trojan.Hydraq-93 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Hydraq-93
  • External hyperlinks (2) low OOXML_EXTERNAL_HYPERLINKS
    Document contains 2 external hyperlinks — clickable URLs are stored as external relationships. First target: http://www.flickr.com/photos/worldeconomicforum/4988572144/in/set-72157624751882056
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ns.camerabits.com/photomechanic/1.0/ - In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/markup-compatibility/2006 - In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships - In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/officeDocument/2006/math - In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing - In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/wordprocessingml/2006/main - In document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2006/wordml - In document text (OOXML body / shared strings)
    • http://www.iec.ch - In document text (OOXML body / shared strings)
    • http://www.weforum.org - In document text (OOXML body / shared strings)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# - In document text (OOXML body / shared strings)
    • http://ns.adobe.com/photoshop/1.0/ - In document text (OOXML body / shared strings)
    • http://ns.adobe.com/xap/1.0/ - In document text (OOXML body / shared strings)
    • http://ns.adobe.com/tiff/1.0/ - In document text (OOXML body / shared strings)
    • http://ns.adobe.com/exif/1.0/ - In document text (OOXML body / shared strings)
    • http://purl.org/dc/elements/1.1/ - In document text (OOXML body / shared strings)
    • http://ns.adobe.com/xap/1.0/mm/ - In document text (OOXML body / shared strings)
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent# - In document text (OOXML body / shared strings)
    • http://ns.adobe.com/xap/1.0/rights/ - In document text (OOXML body / shared strings)
    • http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/ - In document text (OOXML body / shared strings)
    • http://www.flickr.com/photos/worldeconomicforum/4988572144/in/set-72157624751882056 - Document hyperlink