Milicrypt — Office (OLE) malware analysis

Static analysis result for SHA-256 5b188e856c98db3e…

MALICIOUS

Office (OLE)

10.0 KB
Created: 1998-04-30 23:46:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: fc245801ec688a4cc73641c1f02a8117
SHA-1: 5033ba9609d0f218b8f002299c14ec74ba523fbc
SHA-256: 5b188e856c98db3e6f67bccbb847de181c7a8e76f315e8270d05e64dba43051e
100 Risk Score

Malware Insights

Milicrypt · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The sample exhibits characteristics of a legacy WordBasic macro virus: it references the 'ToolsMacro' and 'AutoOpen' functions, which are indicative of malicious macro execution. The presence of 'MCRYPT.DOC' and functions like 'FileSaveAs' suggests the macro may be designed to save or manipulate the document content, potentially as part of a payload delivery or obfuscation strategy. The ClamAV detection as Win.Trojan.Milicrypt-1 further supports its malicious nature.

Heuristics 2

  • ClamAV: Win.Trojan.Milicrypt-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Milicrypt-1
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.