Office (OLE) malware analysis — malicious · ba006ba752f0fa0d

MALICIOUS

Office (OLE)

12.0 KB Created: 1998-02-12 01:38:00 Authoring application: Microsoft Word for Windows 95 First seen: 2015-09-15

MD5: 102cb52b15e38f952ef9e8b5890a90c0 SHA-1: ab5d05b5f574a26902c942fd40664c34533a168f SHA-256: ba006ba752f0fa0d38486f9694c49ad3c00953b5a8ca9ea76448345d38414077

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is an OLE document containing legacy WordBasic macros, indicated by the AUTOOPEN marker and the OLE_LEGACY_WORDBASIC_AUTOEXEC heuristic. The ClamAV detection confirms its malicious nature. The presence of AUTOOPEN suggests the macro executes automatically, likely to download and execute a secondary payload, which is a common tactic for initial compromise via spearphishing attachments.

Heuristics 2

ClamAV: Win.Trojan.Macro-11 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Macro-11
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.