Office (OLE) / .A malware analysis — malicious · 83308497d962bb0a

MALICIOUS

Office (OLE) / .A

469.5 KB Created: 2000-10-07 04:17:00 Authoring application: Microsoft Word 9.0

MD5: b56ae000bd3f1f8ef22aab9023dafe1d SHA-1: dd45fbd5b067cc9d2fcb307b34cd5d5c7506914e SHA-256: 83308497d962bb0ade546c3e3f8d42b9858fd435a20b0f7f3ff59ead0f10df08

140 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file is detected as Win.Trojan.Psycho-3 by ClamAV, indicating malicious intent. The presence of an embedded URL pointing to 'www.WalruS.8k.com' suggests a potential download or redirection to malicious content. The heuristic firing for 'SC_STR_WSCRIPT' indicates the use of Windows Script Host, often employed to execute downloaded payloads or scripts.

Heuristics 4

ClamAV: Win.Trojan.Psycho-3 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Psycho-3
Reference to Windows Script Host high SC_STR_WSCRIPT

Reference to Windows Script Host
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 480,768 bytes but its declared streams total only 16,490 bytes — 464,278 bytes (97%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.WalruS.8k.com�

Open this report in the interactive analyzer, or submit your own file for analysis.