Office (OLE) malware analysis — malicious · 6e5a8a3a1665d380

MALICIOUS

Office (OLE)

13.5 KB Created: 1996-07-16 10:42:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: 0288310dc9ab7b7b9229367e488b3678 SHA-1: 292696f5f0ab6f857e19f33c5bf0d200e19a77e4 SHA-256: 6e5a8a3a1665d380ce84ce2dc8859bfbc8b50c00b2562aeaa78b15e7d43842b7

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Win.Trojan.Easy-1. A legacy WordBasic auto-exec macro marker ('autoopen') was detected, indicating the document is designed to run code automatically when opened. This suggests an attempt to exploit older vulnerabilities or trick users into enabling macros for malicious purposes, likely to download and execute a secondary payload.

Heuristics 2

ClamAV: Win.Trojan.Easy-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Easy-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.