Office (OLE) malware analysis — malicious · 65ae47cce95ee115

MALICIOUS

Office (OLE)

12.5 KB Created: 1997-10-17 01:13:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: 7e575a16f7e0048b8a75ffea17a99fad SHA-1: 314b6af7c59a4a47ca418c0f40ce2bb7f699d080 SHA-256: 65ae47cce95ee115825d4ef6596e497b99a6e628607eede09192f25a7204a459

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is a legacy Word document containing a WordBasic macro, indicated by the 'OLE_LEGACY_WORDBASIC_AUTOEXEC' heuristic firing with the 'AutoOpen' marker. The document body explicitly states 'This file infected with Macro.Word.X80 by FRiZER', suggesting a deliberate infection. The presence of an AutoOpen macro implies an attempt to execute malicious code automatically when the document is opened, consistent with a phishing attachment delivery method.

Heuristics 2

ClamAV: Legacy.Trojan.Agent-452 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Legacy.Trojan.Agent-452
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.