Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 7536bdbe5e7f4e16…

MALICIOUS

Office (OLE) / .EXE

46.0 KB Created: 1998-07-20 15:05:00 Authoring application: Microsoft Word 8.0
MD5: e6a6f0e01a8c6f65dbc29ed041e9dd28 SHA-1: 6951dbba3ee54917ec29f61eb16f640e94d353d1 SHA-256: 7536bdbe5e7f4e1685a30bcbfdd92cdf8a828a17a82393d0a334af738d69e31f
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV heuristic identified the file as Win.Trojan.Pivis-2. The presence of a high-severity AutoOpen VBA macro indicates that the malicious code executes automatically upon opening the document. No specific document body content was extractable, but the macro's presence and the ClamAV detection strongly suggest a malicious intent, likely to download and execute a secondary payload.

Heuristics 3

  • ClamAV: Win.Trojan.Pivis-2 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Pivis-2
  • AutoOpen macro high OLE_VBA_AUTOOPEN
    AutoOpen macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
dd624cce4c07e93a087686a642d51c7716372ec4ac5e1e893fba661ea835956a		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 4501 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.