Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 d6772f5fad212425…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 7.0 KB
First seen: 2012-06-14
MD5: 93308c8348a779e7ca9eaac0ce092974
SHA-1: 971493599987311efcc0d2c40f05025b99cb0e0b
SHA-256: d6772f5fad2124251f6e232b6e1543327c2821ff9f8234650418b9f3df43e7d0
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample exhibits legacy WordBasic macro-virus markers, specifically 'RSN MACRO VIRUS', and the document body contains references to installing protection macros via 'AutoOpen'. This suggests the file is classic macro-based malware designed to infect or spread.

Heuristics (2)

  • ClamAV: Win.Trojan.Julho-1 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Julho-1
  • Legacy WordBasic macro-virus markers (severity: high, rule: OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.