Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 9c029b5f22342758…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 7.0 KB
First seen: 2012-06-14
MD5: 50c3a5b8ec38bf9caf9dacd3da90049b
SHA-1: 11ced337fbc8e36a7efb3c163b54a1792c1f5755
SHA-256: 9c029b5f223427589671c3409960eca7852e9fd27de5edc258121ee1de4eef7d
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample has the characteristics of a legacy macro virus: it carries the "RSN MACRO VIRUS" marker, and ClamAV detects it as Win.Trojan.Gsis-1. The document body contains the string "RSN MACRO VIRUS Goat file" and VBA macro-related elements such as "AutoOpen", indicating the presence of malicious macro code designed to execute automatically. The file's age and detection signature suggest it is an old but still recognized piece of malware.

Heuristics (2)

  • ClamAV: Win.Trojan.Gsis-1 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Gsis-1
  • Legacy WordBasic macro-virus markers (severity: high, rule: OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.