Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6aeacf76a2d17e5e…

MALICIOUS

Office (OLE)

7.0 KB First seen: 2012-06-14
MD5: 2bd3abe9b83af40764c1f7b305d1fa98 SHA-1: 32112bd74d977bbe220cee465c2c577ea2d1d9b7 SHA-256: 6aeacf76a2d17e5e861c353b6d6ef0278fb4d81f2836d4a0ea3a55b4d93a78be
100 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample exhibits characteristics of a legacy macro virus, specifically identified by 'RSN MACRO VIRUS' markers within its document body and heuristic firings. The presence of WordBasic macro virus markers suggests an attempt to execute malicious code upon opening the document. While no specific payload URLs or scripts were extracted, the historical context of such markers points to a malicious intent, likely to spread or perform unauthorized actions.

Heuristics 2

  • ClamAV: Win.Trojan.Nop-8 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Nop-8
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.