Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 544942e91d419ed2…

MALICIOUS

Office (OLE)

Size: 24.5 KB
Created: 1996-09-21 17:53:00
Authoring application: Microsoft Word 6.0
MD5: c0b78ab41ab8849d6e78a414cac48ae2
SHA-1: 064cc8a4702744bfb898e06a9f21f33c536ab042
SHA-256: 544942e91d419ed22fd207980ee65340863dcd8f1c0d585366d5b1d0ad498581
Risk Score: 60

Malware Insights

The file is detected as Win.Trojan.Why-1 by ClamAV. The document body contains VBA macro code that appears to be designed to copy macros and potentially infect the Normal.dot template, indicated by references to 'makemacros', 'AutoOpen', and 'AutoClose'. The presence of file paths like 'C:\\TEST\\SANDY.DOC' suggests the macro may interact with or modify existing documents.

Heuristics 1

  • ClamAV: Win.Trojan.Why-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Why-1