Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 996252d4425fc1d5…

MALICIOUS

Office (OLE) / .PPT

905.5 KB Created: 2003-02-14 08:39:21 Authoring application: Microsoft PowerPoint
MD5: a7981111c4052ad8c27c7747f008dfdb SHA-1: 6b4005ad60e48df9f47320e35830564cff0d5777 SHA-256: 996252d4425fc1d5fcf3f99d2e1d6fe93deb2830b143b1e5efd6ec46072c4474
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is detected as Html.Trojan.VBSDelWin-1 by ClamAV, indicating a malicious nature. The document body contains embedded URLs that are likely used for malicious redirection or payload delivery. The presence of embedded URLs and the ClamAV detection suggest an attempt to trick the user into visiting malicious websites, potentially leading to further compromise.

Heuristics 2

  • ClamAV: Html.Trojan.VBSDelWin-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Html.Trojan.VBSDelWin-1
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.vitaconsult.biz
    • http://www.buerschgens.de/Prox/
    • http://www.zzee.com
    • http://baxpex.de

Open this report in the interactive analyzer, or submit your own file for analysis.