Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 65a8c491c5595d5c…

Verdict: MALICIOUS
File type: Office (OLE)

Size: 16.5 KB
Created: 1998-03-11 20:47:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14

MD5: 939ffa993024933017d6bd5abc931773
SHA-1: 82d770eba5acd22ac12593e5efd0874ff38bdf1a
SHA-256: 65a8c491c5595d5c6942ad977934c5ba8a5b1441ee18449b32a38b6170ea77b9

Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Word macro virus, specifically 'Wordmacro.Padania', by ClamAV. A critical heuristic detected the presence of a legacy WordBasic auto-exec macro marker named 'AutoOpen'. The document body explicitly mentions the 'Wordmacro.Padania' virus and its authors, indicating a historical malware artifact.

Heuristics (2)

  • ClamAV: Win.Trojan.Padania-5 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Padania-5
  • Legacy WordBasic auto-exec macro marker (severity: medium, rule: OLE_LEGACY_WORDBASIC_AUTOEXEC)
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.