Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 8f713ff5499cdfab…

MALICIOUS

Office (OLE) / .DOC

Size: 636.5 KB
Created: 2020-01-17 11:05:00
Authoring application: Microsoft Office Word
MD5: 4d3ecf322592c0271567d5bbcdbdd607
SHA-1: 0a443c70bb0ead5dbab7c8dc09a5dd7a190facc1
SHA-256: 8f713ff5499cdfabe32027af0c4655ce3b0e8f1d4571a1a606954e10bf4aaca6
Risk Score: 160

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature 'Doc.Dropper.Agent-7550692-0'. Static analysis detected VBA macros, including CreateObject and CallByName calls, which are commonly used to execute malicious code. The presence of these indicators suggests the macro is designed to download and execute a secondary payload. The truncated document body and script content prevent a more detailed analysis of the specific execution flow or final payload.

Heuristics (5)

  • ClamAV: Doc.Dropper.Agent-7550692-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Dropper.Agent-7550692-0
  • CreateObject call [high] (OLE_VBA_CREATEOBJ)
    CreateObject call
  • CallByName call [high] (OLE_VBA_CALLBYNAME)
    CallByName call
  • VBA macros detected [medium] (OLE_VBA_MACROS)
    Document contains VBA macro code
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (09f9f8d3db8f25c19cec459815f5ac6baa08dc2f750cc46afc97946e0415ef19) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 5498 bytes