Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 65506fa34684350f…

MALICIOUS

Office (OOXML)

Size: 590.2 KB
Created: 2012-01-29 18:16:03 UTC
Authoring application: Microsoft Office PowerPoint 12.0000
First seen: 2012-07-12
MD5: f7ad35a8a609813c0dd17b0978135ded
SHA-1: 34f3689f3d05d472852b093fc7ef33f2dafcfb20
SHA-256: 65506fa34684350ff5b0fb271a071da7d7d49a3aa730d624665833da58b752d0
Risk Score: 70

Heuristics (3)

  • ClamAV: Html.Spyware.IMG-6 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Html.Spyware.IMG-6
  • External hyperlinks (6) [low] [OOXML_EXTERNAL_HYPERLINKS]
    Document contains 6 external hyperlinks — clickable URLs are stored as external relationships. First target: http://www.milesfrases.com/
  • Embedded URL info [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.ciudad.com.ar/ar/popunder/p_submit.asp?site=personales.ciudad.com.ar [In document text (OOXML body / shared strings)]
    • http://www.milesfrases.com/ [Document hyperlink]
    • http://www.milespowerpoints.com/ [Document hyperlink]
    • http://www.frasesfrases.es/ [Document hyperlink]
    • http://milespowerpoints.ourtoolbar.com/ [Document hyperlink]
    • http://www.milespostales.com/ [Document hyperlink]
    • http://www.milesvideos.com/ [Document hyperlink]
    • http://ns.adobe.com/xap/1.0/ [In document text (OOXML body / shared strings)]
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# [In document text (OOXML body / shared strings)]
    • http://purl.org/dc/elements/1.1/ [In document text (OOXML body / shared strings)]
    • http://ns.adobe.com/xap/1.0/mm/ [In document text (OOXML body / shared strings)]
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# [In document text (OOXML body / shared strings)]
    • http://ns.adobe.com/tiff/1.0/ [In document text (OOXML body / shared strings)]
    • http://ns.adobe.com/exif/1.0/ [In document text (OOXML body / shared strings)]
    • http://ns.adobe.com/photoshop/1.0/ [In document text (OOXML body / shared strings)]