Win.Worm.AutorunLink-6547264-0 — Office (OLE) malware analysis

Static analysis result for SHA-256 6ac436cb9012aaf5…

MALICIOUS

Office (OLE)

940.0 KB Created: 2009-10-07 05:33:46 Authoring application: Microsoft Office PowerPoint First seen: 2020-09-24
MD5: ef8bcfac65451b3c549569af4e5569f8 SHA-1: 40d0f6acf97681a3287d3bf335ae20d4c5e6f75a SHA-256: 6ac436cb9012aaf579a57f32ff04fd4962d15e743a2c64c74b1b11ab1b228b2a
62 Risk Score

Malware Insights

Win.Worm.AutorunLink-6547264-0 · confidence 85%

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as Win.Worm.AutorunLink-6547264-0 by ClamAV, indicating a known worm. The document content discusses computer networks, likely as a lure to disguise its malicious nature. The presence of an embedded URL, though benign, suggests an attempt to connect to external resources.

Heuristics 2

  • ClamAV: Win.Worm.AutorunLink-6547264-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Worm.AutorunLink-6547264-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)