Win.Trojan.Archfiend-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 66d88b56bd182cc8…

MALICIOUS

Office (OLE)

13.5 KB Created: 1997-05-14 23:25:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14
MD5: 7cfa069b5961879b441805cddd1b0b5c SHA-1: 50352e1eeaf89e2b6dea92358b0f7c7f6eb40c22 SHA-256: 66d88b56bd182cc8fca6dd2164e916b44b60d08e5305361a68509a9572e5df48
100 Risk Score

Malware Insights

Win.Trojan.Archfiend-1 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file exhibits characteristics of a legacy WordBasic macro virus, specifically identified by ClamAV as Win.Trojan.Archfiend-1. The presence of markers like 'ToolsMacro' and automatic execution triggers such as 'AutoExec' and 'AutoOpen' strongly suggests that the macro is designed to run automatically when the document is opened, likely to perform malicious actions.

Heuristics 2

  • ClamAV: Win.Trojan.Archfiend-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Archfiend-1
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.