Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a36da39e12ba4b90…

MALICIOUS

Office (OLE)

Size: 15.5 KB | First seen: 2017-06-27
MD5: 49c83bc00ece4bdfa68eb6b599f4d266
SHA-1: 7e2b164e2749f3e062708801690da87f472f0e02
SHA-256: a36da39e12ba4b90fb14ada253d6423d0faf6d735c6df50d41cdde33aa70bfde
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample was flagged with a critical ClamAV detection for Win.Trojan.Emperor-5 and also exhibited legacy WordBasic macro virus markers. The presence of these indicators suggests the file is a malicious macro-enabled document, likely designed to download and execute a secondary payload.

Heuristics (2)

  • ClamAV: Win.Trojan.Emperor-5 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Emperor-5.
  • Legacy WordBasic macro-virus markers (severity: high, rule: OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    The OLE Word document contains legacy WordBasic auto-execution macro markers, such as AutoOpen combined with ToolsMacro/MacroFile/fileMacro/globMacro, or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.