Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 bb49bebd658f6b82…

MALICIOUS

Office (OLE)

174.5 KB First seen: 2018-11-13
MD5: 93aeaf42d48c5be6516e1cbeacc2d33e SHA-1: 879f668dabe4aff9a1acbe2f980fd150c706e112 SHA-256: bb49bebd658f6b82f6e5a09e076f0e237b48741f1160b69b8cdd6ecbdc4a8530
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as malicious by ClamAV with the identifier Doc.Malware.Emodldr-10025032-0. While VBA extraction failed due to an unsupported format, the presence of an embedded URL suggests an attempt to download or link to malicious content. The overall evidence points towards a malicious document, likely delivered as a spearphishing attachment.

Heuristics 3

  • ClamAV: Doc.Malware.Emodldr-10025032-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Malware.Emodldr-10025032-0
  • Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED
    The Analyzer could not extract VBA macros: the document may be legacy, encrypted or malformed.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Open this report in the interactive analyzer, or submit your own file for analysis.