Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 7953710f25b95a8d…

MALICIOUS

Office (OLE)

Size: 55.0 KB
Created: 1998-05-28 23:20:00
Authoring application: Microsoft Word 6.0
First seen: 2015-05-10
MD5: 44addec994e76f28eaa9a990e7ddc992
SHA-1: 65707e6b990f79b75b25b67415e7da0884022fdf
SHA-256: 7953710f25b95a8d5449673b141f3e7b9eddf74d1fe32a1284299cd8a7f2c62d
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file exhibits legacy WordBasic macro-virus markers, specifically a 'ToolsMacro' marker. This strongly suggests the file contains malicious macro code intended to execute. No specific IOCs such as URLs or hashes were extracted, but the presence of these markers is sufficient to classify the file as malicious.

Heuristics (2)

  • ClamAV: Win.Trojan.Cap-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Cap-1
  • Legacy WordBasic macro-virus markers (high, OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.