Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 db2dc14ddba892f9…

MALICIOUS

Office (OLE)

247.5 KB
Created: 2010-05-27 15:49:00
Authoring application: Microsoft Word 10.1
MD5: e8c95c632e069f6ac5f9d4e5b9048071
SHA-1: 43f2ae3c4d01bc7d616574654ab3e2284aa413ec
SHA-256: db2dc14ddba892f94d16e212d8ca7713ae5a18b950a49e520961a016985ff494
160 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an OLE document containing VBA macros, specifically a Document_Open macro, which is a common technique for initiating malicious activity upon opening. The ClamAV detection as 'Doc.Trojan.Story-1' further confirms its malicious nature. The VBA macros exhibit string obfuscation, suggesting an attempt to hide malicious code. The document body is minimal and does not provide further context on the lure.

Heuristics 4

  • ClamAV: Doc.Trojan.Story-1 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Trojan.Story-1
  • Document_Open macro [high, OLE_VBA_DOCOPEN]
    Document_Open macro
  • Suspicious extracted artifact [high, EXTRACTED_FILE_STATIC_TRIAGE]
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • VBA macros detected [medium, OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
09dada9621b26d5509539d7ce90855f288f8445c1cbe7d1f3140c647108c0356
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 7041 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 9 Chr/ChrW string-construction calls.