Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 5980433f7ab0bc4f…

MALICIOUS

Office (OLE)

Size: 91.5 KB
Created: 2005-05-05 08:15:00
Authoring application: Microsoft Office Word
MD5: f7684ae2bd777b27c4d58dd6dde6f810
SHA-1: 6a81485394be8a29f6e2058fda44fde09230f3f8
SHA-256: 5980433f7ab0bc4fff58e5ef5ee4aca03939d84345b33863f450016491891b55
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file contains VBA macros, specifically a Document_Open macro, which is a common technique for initiating malicious activity. The presence of these macros, coupled with a ClamAV detection of 'Doc.Trojan.Walker-9', strongly suggests the document is designed to execute malware. No specific IOCs like URLs or hashes were extracted, but the macro execution is the primary threat.

Heuristics 3

  • ClamAV: Doc.Trojan.Walker-9 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Walker-9
  • Document_Open macro [high] OLE_VBA_DOCOPEN
    Document_Open macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (2d75634898640a3d828328c3c5852277071237f9fd557966f46fad20be99f630) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 11984 bytes