Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c202257df4c0234c…

MALICIOUS

Office (OLE)

Size: 6.5 KB
First seen: 2012-06-14
MD5: a27c083af5cc261a85f33a7730695160
SHA-1: 64b5da14939b031d1873d78c2538d7b740ea455d
SHA-256: c202257df4c0234cb6aeec92beeec6a40e683c29ecbc291051bc7e87c42e838a
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file exhibits legacy WordBasic macro virus markers, specifically 'RSN MACRO VIRUS', and the document body contains text that appears to be part of a macro-based lure. The presence of these markers and the suggestive text indicate an attempt to trick users into enabling macros for malicious purposes. The ClamAV detection further supports its classification as malware.

Heuristics (2)

  • ClamAV: Win.Trojan.Twno-10 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Twno-10
  • Legacy WordBasic macro-virus markers (high, OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.