Malicious Office (OOXML) / .DOC — malware analysis report

Static analysis result for SHA-256 d680a35fe30c58f9…

MALICIOUS

Office (OOXML) / .DOC

10.1 KB Created: 2018-03-07 09:39:00 UTC Authoring application: Microsoft Office Word 12.0000
MD5: c6cb6e2e44ebaf4b8f8c1f0e5d3eca1c SHA-1: b561852b64d81c918ab14a490ab5a09967eb2aaa SHA-256: d680a35fe30c58f9748b1c7cff4539aa1d594a588e833d6b74b00bcaadcb1146
60 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is detected as a downloader by ClamAV, indicating it is designed to fetch and execute additional malware. While no specific URLs or scripts were extracted, the heuristic detection strongly suggests a malicious downloader. The document body content is minimal and does not provide further clues.

Heuristics 2

  • ClamAV: Doc.Downloader.Redline-9972754-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Redline-9972754-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/markup-compatibility/2006
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships
    • http://schemas.openxmlformats.org/officeDocument/2006/math
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing
    • http://schemas.openxmlformats.org/wordprocessingml/2006/main
    • http://schemas.microsoft.com/office/word/2006/wordml

Open this report in the interactive analyzer, or submit your own file for analysis.