Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 9c55d0a4a3cfd159…

MALICIOUS

Office (OLE)

Size: 1.44 MB
Created: 2002-11-06 15:55:26
Authoring application: Microsoft Office PowerPoint
MD5: df820a50fbf7fe9bc0847e26971d0f6e
SHA-1: 5b11187c6a15f6cfc75fa64c3edf10e8712a8fc7
SHA-256: 9c55d0a4a3cfd159bae8836a7ee724e2f3ccbb82f66d4b450d370cbec9618a31
Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

ClamAV identifies the file as malicious with the signature Win.Joke.Apeldorn-1. The file contains VBA macros, which indicates a potential for malicious script execution. The document body discusses computer viruses and worms, presenting definitions and propagation methods, and appears to be a lure. Several URLs of unknown reputation are embedded in the document, suggesting they could be used for further malicious activity or as part of the attack chain.

Heuristics 3

  • ClamAV: Win.Joke.Apeldorn-1 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Joke.Apeldorn-1
  • VBA macros detected [medium] (OLE_VBA_MACROS)
    Document contains VBA macro code
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://virusattack.virusattack.com.ar/hoaxes/verHoax.php3?idhoax=78
    • http://antimalwareonlinescannerv3.com
    • http://www.elhacker.net/hacking-programas-hack.htm
    • http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (989c544450e12075d7f7cf2d8076ed3a8c76fb98f9baf9730f2d2d118297fda1)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 501 bytes