Office (OLE) malware analysis — malicious · 6c8f64f8f7b276a2

MALICIOUS

Office (OLE)

8.5 KB First seen: 2012-06-14

MD5: af0a9840d5ad1422f9055ac97603125d SHA-1: c4c94c68ddd487c8392440bac2c5dae8097c526e SHA-256: 6c8f64f8f7b276a2ca53a377e54a499c6d165250b6047af68e190be107795b77

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample exhibits legacy WordBasic macro virus markers, specifically 'RSN MACRO VIRUS', and includes an AutoOpen macro designed to execute automatically when the file is opened. This suggests an attempt to run malicious code embedded within the document, likely for propagation or further infection.

Heuristics 2

ClamAV: Win.Trojan.KillProt-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.KillProt-1
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS

OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.