Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 ca2a51386b91e304…

MALICIOUS

Office (OLE) / .DOC

Size: 3.28 MB
Created: 2009-11-13 06:06:00
Authoring application: Microsoft Office Word
MD5: 8df5fe2159b1cc158c77122c4e6b44e8
SHA-1: b202a5abb52467c9fb6b6c0421b0c7eae45902d7
SHA-256: ca2a51386b91e304c329fbeed4d6e9d8c2a25afb74282ad148dc96e2b48cd9a0
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is a Microsoft Office document containing a Document_Open VBA macro, indicating it is designed to execute malicious code automatically when opened. The macro source is substantial, suggesting complex functionality, likely for downloading and executing a second-stage payload. No specific family could be identified from the available evidence.

Heuristics (2)

  • Document_Open macro high OLE_VBA_DOCOPEN
    Document_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
          8c7ee125237356eda33d33f32e4ed17883c0a62866a4365ba4072d9a15cf6924
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 93094 bytes