Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 c150de82fe70d539…

MALICIOUS

Office (OLE) / .PPT

Size: 237.0 KB
Created: 2010-06-01 11:37:55
Authoring application: Microsoft PowerPoint
MD5: c88bf2cf9baa9ac90ab3d16677a516a5
SHA-1: 580d336ea0fa6983568af33701436e032eb2260f
SHA-256: c150de82fe70d5393019de344696f9af5a0692ddcb9bfb0f9f3bd0834078afae
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PowerPoint presentation that ClamAV detected as Doc.Trojan.Thus-8. olevba reported an unsupported format for VBA extraction, indicating potential obfuscation or encryption. The document body contains seemingly legitimate educational content, likely serving as a lure. The primary indicator of maliciousness is the ClamAV detection.

Heuristics 2

  • ClamAV: Doc.Trojan.Thus-8 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Thus-8
  • Unsupported Office format for VBA extraction (info, OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (FileOpenError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.