MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is identified as malicious due to the critical heuristic firing indicating an OLE package that drops an auto-executable payload. This payload is specifically the EICAR test signature, a standard method for verifying antivirus functionality. The embedded file is named 'eicar.com', which is a direct IOC.
Heuristics 2
-
ClamAV: Eicar-Test-Signature critical CLAMAV_DETECTIONClamAV detected this file as malware: Eicar-Test-Signature
-
Ole10Native package drops an auto-executable payload critical OFFICE_PACKAGE_RISKY_FILEOLE Package displayName or fullPath ends in a directly auto-executable extension (a runnable binary or a script the default shell host runs on double-click). Embedding such a payload inside an Office document has no benign authoring use — it is a malware-delivery dropper.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
ole10native_00.bin |
ole-package | OLE Ole10Native stream: MBD00065FB8/Ole10Native | 317 bytes |
SHA-256: 2fd88ddf92804d289db4fdf341738339cda0e9453ae5ed04ca68e1e5d583b5dd |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.