Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 77166146463b9124…

MALICIOUS

Office (OLE)

File size: 25.5 KB
Created: 2011-08-15 07:15:00
Authoring application: Microsoft Office Word
First seen: 2017-05-13
MD5: 7fcf20302404f644fb07fe9d4fe9ac84
SHA-1: 0e12c8ab9b89b6eb6baf16c4b3bbf9530067963f
SHA-256: 77166146463b9124e075f3a7925075f969974e32746c78d022ba99f578b9f0bb
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV with the signature 'Doc.Dropper.Agent-5893647-0', indicating it is a document dropper. The presence of an embedded URL, though benign, suggests an attempt to fetch additional content or redirect the user. The exact nature of the exploit or payload is not detailed by the heuristics, but the classification points towards client execution.

Heuristics (2)

  • [critical] ClamAV: Doc.Dropper.Agent-5893647-0 (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Dropper.Agent-5893647-0
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main
    Channel: In document text (OLE body)