Win.Trojan.Theatre-2 — Office (OLE) malware analysis

Static analysis result for SHA-256 5a320475762f28c4…

MALICIOUS

Office (OLE)

Size: 13.0 KB
Created: 1996-08-13 14:33:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: f5acbaf9b07e7fe59fd1a49e3844b7c3
SHA-1: 60be0adca4eeb9bcb63f7cad43d27750f5eb1d00
SHA-256: 5a320475762f28c430d2453b9f7cea2681205b2696d901e4dc567ee80e9a101c
Risk Score: 60

Malware Insights

Win.Trojan.Theatre-2 · confidence 95%

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is a Microsoft Word 6.0 document identified by ClamAV as Win.Trojan.Theatre-2. The document body contains repeated references to file paths and the 'DOCCLOSE', 'FILECLOSE', and 'TOOLSMACRO' keywords, suggesting it may contain or attempt to trigger embedded malicious macros or exploit code. The primary attack vector is likely exploitation of a client vulnerability.

Heuristics 1

  • ClamAV: Win.Trojan.Theatre-2 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Theatre-2