Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 6b2dd00d878ba785…

MALICIOUS

Office (OLE) / .DOC

80.5 KB
Created: 2004-12-22 11:09:00
Authoring application: Microsoft Word 8.0
MD5: e4c9cccb3d1e48c779be950a52c136de
SHA-1: bf62eb6dcdd1a570cf4277fda1b7cc563574d848
SHA-256: 6b2dd00d878ba785ddd7c2d71eed313332cdc48da82a6890e0330447da0e5cac
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains VBA macros, specifically an AutoOpen macro, which is a common technique for malware execution in Office documents. The script attempts to copy itself to the Normal template, indicating an intent to establish persistence. The ClamAV detection 'Doc.Trojan.Beauty-1' further supports its malicious nature.

Heuristics 3

  • ClamAV: Doc.Trojan.Beauty-1 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Beauty-1
  • AutoOpen macro [high] (OLE_VBA_AUTOOPEN)
    AutoOpen macro
  • VBA macros detected [medium] (OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          db7f4829685cdecd0d38e010052be62953d510e5ce00dd3c03513852ce21119e
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 12865 bytes