Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 cf0f5f1d8ad942e7…

MALICIOUS

Office (OLE)

Size: 44.0 KB
Created: 1997-03-06 16:08:00
Authoring application: Microsoft Word for Windows 95
First seen: 2012-06-14
MD5: 0f995179cbc31bcf5b7d9143f0f221df
SHA-1: 9753860f3ef62eac5dcef7dc2556895623447f57
SHA-256: cf0f5f1d8ad942e733d40d37a146f1e78d5f60113e1c0f3df36470c3eb8f8c7f
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV heuristic identified the file as Win.Trojan.WM-16. Additionally, a legacy WordBasic auto-exec macro marker (AutoOpen) was detected, suggesting the document is designed to run malicious code upon opening. The presence of numerous AutoOpen, AutoExec, AutoNew, and AutoClose macro definitions strongly supports this.

Heuristics (2)

  • ClamAV: Win.Trojan.WM-16 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.WM-16
  • Legacy WordBasic auto-exec macro marker [medium] [OLE_LEGACY_WORDBASIC_AUTOEXEC]
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.