Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a059686d83c66fec…

MALICIOUS

Office (OLE)

Size: 71.5 KB
Created: 1996-09-03 11:16:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 8264a80df9f46b367119f72e9d7c0699
SHA-1: 3587977f0f3d857df4f2f020a447fbf5b70a8abd
SHA-256: a059686d83c66fec51317b4e33cd6cd1159ae2755fca46dc5c4ee69261251884
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature 'Win.Trojan.Satanic-1'. Static analysis revealed legacy WordBasic auto-execution markers like 'AutoOpen' and 'AutoExec', indicating the presence of macros intended to run automatically. The document body contains text that appears to be related to these macros and potentially the malware name itself.

Heuristics (2)

  • ClamAV: Win.Trojan.Satanic-1 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Satanic-1
  • Legacy WordBasic auto-exec macro marker [medium] [OLE_LEGACY_WORDBASIC_AUTOEXEC]
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: ole10native_00.bin
Kind: ole-package
Source: OLE Ole10Native stream: ObjectPool/_903254519/Ole10Native
Size: 4100 bytes
SHA-256: c0ce8384d5865bb12de7577ed9cb047f0f2cf9e5727a81255589d3663cd5b824