Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 93cb28d144f2a00b…

MALICIOUS

Office (OLE)

7.5 KB
Created: 1996-11-18 22:38:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: d8be30007d6d4c63fa5ac01f12e18aa1
SHA-1: def474c9556682eeadc3e637ef8950c5520e74a7
SHA-256: 93cb28d144f2a00b402ef5cf370dc3dcf971e4ba85e9495762941ea81e62e31c
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment

The critical ClamAV heuristic indicates this is a known malware variant (Doc.Trojan.Random-1). The firing of the legacy WordBasic autoOpen heuristic confirms the presence of an auto-executing macro, which is a common technique for initial execution of malicious payloads. The presence of 'autoOpen' in the document body further supports this, suggesting the macro is designed to run automatically when the document is opened.

Heuristics (2)

  • ClamAV: Doc.Trojan.Random-1 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Random-1
  • Legacy WordBasic auto-exec macro marker | medium | OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.