Office (OLE) / .DOC static analysis report

Static analysis result for SHA-256 ab6429f118adb475…

SUSPICIOUS

Office (OLE) / .DOC

106.5 KB Created: 2007-08-30 20:39:00 Authoring application: Microsoft Word 9.0 First seen: 2026-05-10
MD5: 5cf0f7bf945cf058a035e50c8cbf1cfe SHA-1: 04c242e4a0b4d297060fc065db920a26727d9b9a SHA-256: ab6429f118adb47577effb90ebf5eafaf035ad5685f9c4cfceadbed9399cf654
44 Risk Score

Heuristics 3

  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.
  • VBA project contains no executable statements info OLE_VBA_MACROS
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.hotelurupema.com.br/images/hotel2.jpg In document text (OLE body)
    • http://www.hotelurupema.com.br/images/quarto.jpgIn document text (OLE body)
    • http://www.hotelurupema.com.br/images/recepcao2.jpgIn document text (OLE body)
    • http://www.hotelurupema.com.brIn document text (OLE body)