Office (OLE) / .DOC malware analysis — malicious · d3d7eff91fd5ccb4

MALICIOUS

Office (OLE) / .DOC

43.5 KB Created: 2010-09-10 23:56:00 Authoring application: Microsoft Word 10.1

MD5: 92d58cfacfbed559387aa885a7fdb3bf SHA-1: 5ea704ad896f354853a031fea99ad47781623f86 SHA-256: d3d7eff91fd5ccb4b11e6d2e71da48abf2e1f6b2ebe78b3dde384ddbb408bf34

160 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1566.001 Spearphishing Attachment

The file is a Microsoft Word document containing VBA macros, specifically a Document_Open macro, which is a common delivery mechanism for malware. The document body presents an essay question to trick the user into enabling macros. The presence of VBA Chr string obfuscation and the ClamAV detection of 'Doc.Trojan.Story-1' strongly indicate malicious intent, likely to download and execute a secondary payload.

Heuristics 4

ClamAV: Doc.Trojan.Story-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Trojan.Story-1
Document_Open macro high OLE_VBA_DOCOPEN

Document_Open macro
Suspicious extracted artifact high EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `c7c9a62b66923494ff2bdd7a0dee99f34e0ccc842de210f47d45841c64f6fb19`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	7054 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 9 Chr/ChrW string-construction calls.

Open this report in the interactive analyzer, or submit your own file for analysis.