Office (OLE) malware analysis — malicious · a4e000ed96d84096

MALICIOUS

Office (OLE)

37.0 KB First seen: 2012-06-14

MD5: 97cf76a822f0727560aff567d3ee643a SHA-1: 49985cccce7902c14fc135f1a24fd186122e2ebb SHA-256: a4e000ed96d84096be413287936671e25a03db861bb77b74c1a6417479c297ff

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file exhibits characteristics of a legacy macro virus, specifically identified by "RSN MACRO VIRUS" markers and embedded text referencing "RSN MACRO VIRUS Goat file". The presence of legacy WordBasic macro virus markers and the explicit mention of "RSN MACRO VIRUS" in the document body strongly indicate its nature as a macro-based threat. While no specific delivery mechanism is evident beyond the macro itself, the file's intent is to propagate as a macro virus.

Heuristics 2

ClamAV: Win.Trojan.Xenixos-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Xenixos-1
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS

OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.