Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 858dfba0001970de…

MALICIOUS

Office (OLE)

Size: 11.0 KB
Created: 1998-01-02 03:57:00
Authoring application: Microshit Word for Windows 69
First seen: 2012-06-14
MD5: 1c42a099b825b036f4b4eb9414117f38
SHA-1: 752fc873839d3dc2fd6f8fa94795ef58420c8010
SHA-256: 858dfba0001970de386152dbb04a454c52b3a38f78824d6af47c9b60163e208f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as Win.Trojan.Spell-1 by ClamAV, indicating it is a known malicious macro-based document. The document body text suggests a lure related to spelling tools, which is a common social engineering tactic to encourage users to enable macros. The presence of macro-related heuristics strongly suggests the use of Visual Basic for malicious purposes.

Heuristics 1

  • ClamAV: Win.Trojan.Spell-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Spell-1