Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6a0fa94bd0afdb53…

MALICIOUS

Office (OLE)

11.0 KB Created: 1997-02-02 13:45:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14
MD5: ab9ee7f5fdc7eb6eadf988c2ed82406f SHA-1: 148926ac19f98df57f8752cfbef3b285f1c87a32 SHA-256: 6a0fa94bd0afdb53bcbb95195682d4e876064c699ae7b207a9cb8e0df3b6c043
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Win.Trojan.Pig-1. Static analysis revealed a legacy WordBasic macro marker, specifically AUTOCLOSE, which is a known auto-execution routine. This suggests the document is designed to run malicious code when opened, likely attempting to download or execute a secondary payload.

Heuristics 2

  • ClamAV: Win.Trojan.Pig-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Pig-1
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.