Win.Trojan.Ultras-5 — Office (OLE) malware analysis

Static analysis result for SHA-256 a06a7bd7e9d0aa57…

MALICIOUS

Office (OLE)

Size: 12.0 KB
Created: 1996-08-06 10:16:00
Authoring application: Microsoft Word for Windows 95
First seen: 2012-06-14
MD5: 763843e38aa78f27e64ecdc896344271
SHA-1: 80e99e2c53592c76d8bdce00666502e5ef6b75a7
SHA-256: a06a7bd7e9d0aa57095f3aeab426bb40c48da98c7223e6955dbed6c3082911f3
Risk Score: 100

Malware Insights

Win.Trojan.Ultras-5 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The sample exhibits legacy WordBasic macro virus markers, specifically the 'ToolsMacro' string. ClamAV detects it as 'Win.Trojan.Ultras-5'. The document body contains strings that appear to be registry keys and file paths, potentially related to the malware's functionality or configuration. The presence of legacy macro code strongly suggests an attempt to execute arbitrary code.

Heuristics (2)

  • [critical] ClamAV: Win.Trojan.Ultras-5 (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Ultras-5
  • [high] Legacy WordBasic macro-virus markers (OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.