Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8301f8aa8d33ad85…

MALICIOUS

Office (OLE)

24.0 KB
Created: 1997-09-19 07:50:00
Authoring application: Microsoft Word for Windows 95
First seen: 2012-06-14
MD5: ab881bfa951e43110b51c692cc13a81c
SHA-1: dbaa2f18e2c7c815f387b4697d47a10e65fe0e4e
SHA-256: 8301f8aa8d33ad853c29ba1db79ae0a0d74ccefaa4286626e8e35810a96d251b
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Win.Trojan.Twno-10. A legacy WordBasic AUTOOPEN macro was detected, which is a common technique for executing malicious code automatically when the document is opened. The presence of this marker suggests the file is designed to perform an unauthorized action upon user interaction.

Heuristics 2

  • ClamAV: Win.Trojan.Twno-10 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Twno-10
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.