Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 64ffe8b467b06100…

MALICIOUS

Office (OLE)

16.0 KB
Created: 1997-03-17 20:45:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 7d12947bc3f6e671371f3675d31b44a9
SHA-1: 7845b7924c206dacb7e50396279e6c4560d1c0ad
SHA-256: 64ffe8b467b061002168ff3a79995d1ea3cf0048de2816806b694b13b431020f
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample exhibits legacy WordBasic macro virus markers, specifically 'TOOLSMACRO', which is a strong indicator of malicious intent. The presence of file paths and document names within the body suggests the macro may attempt to interact with or modify files on the system. The ClamAV detection further supports its classification as malware.

Heuristics (2)

  • ClamAV: Win.Trojan.Eraser-12 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Eraser-12
  • Legacy WordBasic macro-virus markers | high | OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.