Office (OLE) malware analysis — malicious · 91900c647376dcc5

MALICIOUS

Office (OLE)

11.0 KB Created: 1601-01-01 00:00:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: d93f525b9324d8854364c79bcf2a25f3 SHA-1: abdd8e112bdc3b4f995c08735bd9f612a0bedf86 SHA-256: 91900c647376dcc543056d482d40fe6dcac601222a6bc4d785da8eee1063997a

80 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is detected as malicious by ClamAV with the signature Win.Trojan.Dodger-1. A legacy WordBasic auto-exec macro marker, FileSaveAs, was identified, suggesting an attempt to execute malicious code upon opening or saving the document. The document body contains references to system administration and file saving operations, further supporting the attack pattern.

Heuristics 2

ClamAV: Win.Trojan.Dodger-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Dodger-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.