Malicious Office (OLE) / .ORI — malware analysis report

Static analysis result for SHA-256 ca00af0e83bfa6c4…

MALICIOUS

Office (OLE) / .ORI

363.0 KB
Created: 2010-09-03 06:25:08
MD5: 75c9d95535c08b88b41cf91b1ec93ffb
SHA-1: 15dba412045bff5753cd99277692bfed203f0bb4
SHA-256: ca00af0e83bfa6c451b962d896cd837368017b698f465ff254c7d1f8d901944b
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.005 Visual Basic

The critical ClamAV heuristic fired on the signature 'Doc.Macro.Laroux-5893719-0', indicating the presence of that malware. The high-severity 'OLE_VBA_AUTO' heuristic confirms that an Auto_Open macro is present, a common technique for executing malicious code automatically when the document is opened. Together, the VBA macros and the Auto_Open function strongly suggest an attack pattern based on malicious document execution.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (ef21a95e8103463135e9f03a5807171a2d74eaaca10c098a1a757a9dd5f72d9e) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1482 bytes