Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 db247663d8b1902f…

MALICIOUS

Office (OLE)

16.5 KB Created: 1997-06-10 01:00:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14
MD5: c4ab9b2c401bb678efcbd2da4ebdce8d SHA-1: 9996d63db5a5afd3800ced9bce5761b1ab1e1622 SHA-256: db247663d8b1902f12a1289a44e184570fbc72a29dd36f0613a9da400fb42ef4
100 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a legacy WordBasic macro virus by heuristics, indicating the presence of malicious macro code. The document body contains strings related to WordBasic macros and printer utilities, which are likely used as a lure to trick the user into enabling or executing the macro. No specific IOCs were extracted beyond the heuristic detection.

Heuristics 2

  • ClamAV: Win.Trojan.Monday-2 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Monday-2
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.