Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 97652685ee4ce05d…

MALICIOUS

Office (OLE) / .DOC

Size: 58.0 KB
Created: 2000-12-25 00:08:00
Authoring application: Microsoft Word 9.0
MD5: 6c7a637cb44ec801f4e81ba2f21931df
SHA-1: 09edf41f075d8521dda1a5d9f4dc56eb5a960a16
SHA-256: 97652685ee4ce05d6ca1a0c3890f64c286e2f9a102c38acfc5a45abdd607aec4
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is a Microsoft Word document with a high-confidence heuristic indicating the presence of VBA macros, specifically an AutoOpen macro. This suggests the document is designed to automatically execute malicious code when opened. No specific malware family could be identified, and no external URLs or network indicators were extracted.

Heuristics 4

  • AutoOpen macro [high] OLE_VBA_AUTOOPEN
    AutoOpen macro
  • Auto_Close macro [high] OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://online.sfsu.edu/~shu/engr378/engr378.htm

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (a32d3197a6ed231f6cb497571ffd6f0268c8693fb8a9599eb16e47557066fcbf) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 2349 bytes