Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b0630efb58305ba1…

MALICIOUS

Office (OLE)

Size: 241.0 KB
Created: 1996-07-31 16:55:00
Authoring application: Microsoft Word for Windows 95
First seen: 2012-06-14
MD5: da8ab745d4500f5569e00e815b34036c
SHA-1: 08c44a55e285943adb7c458fcd065abbb48abef1
SHA-256: b0630efb58305ba175b735a22ee39640c0fd04c7e2648b54486e18d6f804bc70
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as a Macro Virus Development Kit (MVDK) based on its document body content and a critical ClamAV heuristic. The kit explicitly describes functionality for creating viruses that can set document passwords, erase system files, or drop and execute other executables. The presence of VBA macro development tools strongly suggests an intent to facilitate the creation and distribution of malicious Office documents, which aligns with the Spearphishing Attachment technique.

Heuristics (1)

  • ClamAV: Win.Tool.WM-13 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Tool.WM-13