Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 74901b90285efb04…

MALICIOUS

Office (OLE)

Size: 49.5 KB
Created: 2003-08-16 07:45:00
Authoring application: Microsoft Word 10.0
First seen: 2012-06-14
MD5: 517a400e8d5cbe88754b0fa406aed14a
SHA-1: 2325cfcc033b82ae0b8f6229cceed59cd3a69a5d
SHA-256: 74901b90285efb04f7fd1061ee88323afb376c3fc5adecd729b6c8860d568d45
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV with the signature Doc.Trojan.Kaffer-1. Static analysis indicates it is an unsupported Office format, preventing VBA macro extraction. The presence of this signature suggests the file likely exploits a known vulnerability to achieve code execution.

Heuristics (2)

  • ClamAV: Doc.Trojan.Kaffer-1 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Trojan.Kaffer-1
  • Unsupported Office format for VBA extraction [info] [OFFICE_FORMAT_UNSUPPORTED]
    olevba could not extract VBA macros (AssertionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.