MALICIOUS
280
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The file is identified as malicious by ClamAV with the signature Win.Joke.Salary-1. It contains an embedded PE executable, indicating it is likely a dropper or part of a multi-stage attack. The presence of VirtualAlloc, LoadLibrary, and GetProcAddress API references suggests the embedded executable is designed to load and execute code dynamically.
Heuristics 5
-
ClamAV: Win.Joke.Salary-1 critical CLAMAV_DETECTIONClamAV detected this file as malware: Win.Joke.Salary-1
-
Embedded PE executable critical OLE_EMBEDDED_EXEMZ/PE header found inside document — possible embedded executable
-
Reference to LoadLibrary API high SC_STR_LOADLIBRARYReference to LoadLibrary API
-
Reference to GetProcAddress API high SC_STR_GETPROCADDRESSReference to GetProcAddress API
-
Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOCReference to VirtualAlloc API
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
embedded_office_00004800.exe |
embedded-pe | Office MZ+PE at offset 0x4800 | 195584 bytes |
SHA-256: 43187d06a1a76c531c48fce04d08ec843728114dbba214cb6c418978c7069553 |
|||
|
Detection
ClamAV:
Win.Joke.Salary-1
Obfuscation or payload:
unlikely
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.