Office (OLE) malware analysis — malicious · 865088d5dd28601d

MALICIOUS

Office (OLE)

51.5 KB Created: 1996-07-26 09:13:00 Authoring application: Microsoft Word 6.0 First seen: 2015-10-01

MD5: c01b1d6a8de4bbb7f33688dd377664f0 SHA-1: 8863507bfc795ce1200f4340a58ae0ff3d284004 SHA-256: 865088d5dd28601d85fd37af810f7b6c07c6105f046ffaabd9fdabc1f3be846a

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The critical ClamAV heuristic indicates this is a Win.Trojan.Macro. The presence of a legacy WordBasic AUTOOPEN macro suggests the document is designed to automatically execute malicious code when opened. This macro likely serves as a loader for a secondary payload, although the specific download mechanism and target are not detailed in the extracted evidence.

Heuristics 2

ClamAV: Win.Trojan.Macro-11 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Macro-11
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.