Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 d5712b6b025a17e4…

MALICIOUS

Office (OLE) / .DOC

29.0 KB
Created: 2007-03-30 13:47:00
Authoring application: Microsoft Word 8.0
MD5: 10e7024c8ca2c83262c6086d667c3a08
SHA-1: ca76f3942caf7e81c94818d478d4c2f23f20edf9
SHA-256: d5712b6b025a17e4643f8805df9f8da434504ba9f5fa970e6c63dce6c5fd1521
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is a Microsoft Word document containing VBA macros, specifically a Document_Open macro. This macro is designed to execute automatically when the document is opened, indicating malicious intent to run arbitrary code. The ClamAV detection 'Doc.Trojan.Myco-1' further confirms its malicious nature. No specific IOCs such as URLs or file paths were extracted from the limited document body, but the presence and execution of the macro are sufficient indicators of compromise.

Heuristics 3

  • ClamAV: Doc.Trojan.Myco-1 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Myco-1
  • Document_Open macro [high] OLE_VBA_DOCOPEN
    Document_Open macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (7b9703567caef08859400d5c028546ac556a397c23a2f8007c7afc680ad6c341) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 2917 bytes