Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b9e0aa9a3a459d6b…

MALICIOUS

Office (OLE)

21.0 KB
Created: 1997-05-16 23:38:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: a9c75b52ce363b33ed5557c8f3e8033a
SHA-1: f47b290e6c76bc349e1022366c83dd0064026cd2
SHA-256: b9e0aa9a3a459d6b9465a737ed25c670f5b8a84cfa6fa8d4a49a5d4d3854cb08
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV detects the file as Win.Trojan.Kilok-3, indicating malicious intent. The document body contains the keywords 'NoMercy', 'CRYPT.DOT', and 'FILECLOSE' alongside references to macro execution, suggesting a macro-enabled document designed to perform malicious actions. Together, these elements point to a malicious document, likely delivered as a spearphishing attachment.

Heuristics 1

  • ClamAV: Win.Trojan.Kilok-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Kilok-3