Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b873449e3bf5eda2…

MALICIOUS

Office (OLE)

Size: 14.5 KB
Created: 1997-04-26 09:26:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 252729b2304cdc2e91248cea567241eb
SHA-1: 3819371b7ef4d0f8a3f6b7592927756cc27d97ee
SHA-256: b873449e3bf5eda2512158e8c7ba1b8c38878b6e11c9243e9f589cd17c42af6c
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Win.Trojan.WallPaper-1. Static analysis revealed a legacy WordBasic auto-exec macro marker named 'autoOpen', indicating an attempt to run malicious code when the document is opened. The document body contains references to macro names and file paths, suggesting an attempt to install or spread further malicious content.

Heuristics 2

  • ClamAV: Win.Trojan.WallPaper-1 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.WallPaper-1
  • Legacy WordBasic auto-exec macro marker (severity: medium, rule: OLE_LEGACY_WORDBASIC_AUTOEXEC)
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.