Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b1c877933d72ce21…

MALICIOUS

Office (OLE)

Size: 36.5 KB
Created: 1996-09-15 13:25:00
Authoring application: Microsoft Word for Windows 95
First seen: 2012-06-14
MD5: dc2b45d2a4fe19b51c4b522db464d5a1
SHA-1: 65a347da11a8c60e1b3713e2d7478893edd6739d
SHA-256: b1c877933d72ce21b52cd2e2a2515f064bc114c658cf9052b81c4e5eafbe809e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204 Malicious Link

The file is detected as Doc.Trojan.Outlaw-1 by ClamAV, indicating malicious intent. The document body contains seemingly innocuous text related to office document standards and error correction, likely serving as a lure. The presence of strings like 'D:\OUTLAW\o_encry.doc0' and 'VirNamePayload0' suggests the document may be designed to drop or execute a payload, although no specific script or exploit was extracted.

Heuristics 1

  • ClamAV: Doc.Trojan.Outlaw-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Outlaw-1