Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 5f6fc69ac4850bd4…

MALICIOUS

Office (OLE)

Size: 138.5 KB
Created: 2005-06-28 10:05:00
Authoring application: Microsoft Word 9.0
First seen: 2017-06-27
MD5: 59c05c7222e914e240a65ee70905c2de
SHA-1: 55b70923e2658166daba781b70b1fc531cb2231c
SHA-256: 5f6fc69ac4850bd4effb0e73e3d59d3379bb6480813acc2627dff77cfd674dc9
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as a dropper by ClamAV. The document body discusses buffer overflow exploits in Internet Explorer and IFRAME tags, suggesting a lure to exploit vulnerabilities. While an embedded URL was found, it was confirmed as benign. No scripts were extracted from this sample.

Heuristics (2)

  • ClamAV: Doc.Dropper.Agent-1696340 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-1696340
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.edup.tudelft.nl/~bjwever/ (in document text, OLE body)