Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 76676ccaf831a394…

Verdict: MALICIOUS
File type: Office (OLE) / .EXE

Size: 46.0 KB
Created: 2000-03-22 12:28:00
Authoring application: Microsoft Word 8.0
MD5: 8baf80e98503a9cd190ad9ad6a5ba63e
SHA-1: e65f104c98794b96de1edc89ee14899c79abdbac
SHA-256: 76676ccaf831a3944c43d6ef72a40f58d818b3d6b09c8ef4b8b7788373697daf
Risk Score: 160

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file contains VBA macros, including AutoOpen and Auto_Close, which are commonly used to execute malicious code upon opening or closing a document. The macro code attempts to copy itself and other macros to the global template, indicating an attempt to establish persistence or spread. The ClamAV detection 'Legacy.Trojan.Agent-658' further supports its malicious nature. The document body's content is irrelevant as the primary malicious activity is driven by the VBA macros.

Heuristics (4)

  • ClamAV: Legacy.Trojan.Agent-658 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Legacy.Trojan.Agent-658
  • AutoOpen macro [high, OLE_VBA_AUTOOPEN]
  • Auto_Close macro [high, OLE_VBA_AUTOCLOSE]
  • VBA macros detected [medium, OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas (c9388de6eee406e3e2564422e8451b01e841344c5e85261f21f9e971d1c516b6)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 5856 bytes