Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 77960f1f209d716c…

MALICIOUS

Office (OLE)

File size: 11.5 KB
Created: 1997-04-04 21:32:00
Authoring application: Microsoft Word for Windows 95
MD5: 812ef1f195985ac70766cf72ec529372
SHA-1: ef1ede28405e1ea6a4253eb7334581972633ed40
SHA-256: 77960f1f209d716c7f84111e53b53eddd99a21b0de92969c445ef0a9e1fec849
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1547.001 Registry Run Keys / Startup Folder

The sample is a Word 95 document containing a VBA macro named 'autoopen'. This macro attempts to copy the current document to the default Word template ('normal.dot') and uses the Organizer object, suggesting an intent to establish persistence or modify the user's default behavior. The 'autoopen' subroutine is a known mechanism for automatic execution upon document opening.

Heuristics (1)

  • ClamAV: Win.Trojan.Minimal-57 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Minimal-57