MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File
The file is a Microsoft Word document containing a VBA macro, as indicated by the OLE_VBA_MACROS and OLE_VBA_DOCOPEN heuristics. The SC_STR_WSCRIPT heuristic suggests the macro may leverage Windows Script Host. While the document body discusses a Greek Ministry of Press and Media, the presence of multiple unknown URLs within the document suggests a potential lure for malicious activity. The macro likely downloads and executes a second-stage payload from one of these URLs.
Heuristics 5
-
ClamAV: Doc.Trojan.Walker-9 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Trojan.Walker-9
-
Reference to Windows Script Host high SC_STR_WSCRIPTReference to Windows Script Host
-
Document_Open macro high OLE_VBA_DOCOPENDocument_Open macro
-
VBA macros detected medium OLE_VBA_MACROSDocument contains VBA macro code
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://lv/minpress/
- http://www.presslibraries.gr/
- http://www.greeknewsagenda.gr/
- http://www.minpress.gr/minpress/index/other_pages-2/yunanistana_pencere.htm
- http://www.minpress.gr/minpress/index/other_pages-2/chinese_bulletin.htm
- http://www.europe4me.gr/
- http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
- http://validator.w3.org/check?uri=referer
- http://jigsaw.w3.org/css-validator/check/referer
- http://www.w3.org/WAI/WCAG1A-Conformance
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.basfc552ca04661e6a87897ed796790ead4fa37fb414b843980bac042ae1e4059ff |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 11975 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.