Office (OLE) malware analysis — malicious · ab0d81330a869c20

MALICIOUS

Office (OLE)

12.5 KB Created: 1997-03-05 19:46:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: b0f475a92a9856ede05c84a1565ba4fd SHA-1: e706d22a926069f8a2350bfb505a3ed62b81f929 SHA-256: ab0d81330a869c202dcda7e1b033ece19d778cde4eb737ebf9ed916d51037954

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is a legacy Word document containing a WordBasic macro. The 'AutoOpen' macro marker indicates it is designed to execute automatically when the document is opened. This is a common technique for spreading macro viruses, as suggested by the heuristic firing and the document body's mention of a 'new macro virus'. The specific macro name 'AutoOpen' is included as an IOC.

Heuristics 2

ClamAV: Win.Trojan.Giant-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Giant-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.