Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 72294ddc09814980…

MALICIOUS

Office (OLE)

454.0 KB
Created: 2009-11-05 02:37:00
Authoring application: Microsoft Word 11.3.5
MD5: 957bb686d32e84d558e4f3c88f57274c
SHA-1: 1309fb7d2bba67fc30df0e63699d7557f16f82d8
SHA-256: 72294ddc09814980d46717abd6c50b2adf24ce550b9016a15731e4c1b1f19f15
120 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature 'Doc.Trojan.Thus-16'. It contains VBA macros, specifically a 'Document_Open' macro, which is a common technique for executing malicious code upon opening the document. The macro attempts to copy itself and potentially disable security features, indicating an intent to download and execute further payloads.

Heuristics 3

  • ClamAV: Doc.Trojan.Thus-16 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Thus-16
  • Document_Open macro high OLE_VBA_DOCOPEN
    Document_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (9d4cc1797b936f1525d8d629627a88f7ee5da07ae6f7f77f231f81fedcf7de4f)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1956 bytes