Verdict: MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK: T1059.005 Visual Basic
The file exhibits legacy WordBasic macro virus markers, indicating the presence of potentially malicious macro code. While the embedded URL was flagged as confirmed benign, the macro markers and the overall structure suggest malicious intent, likely to execute arbitrary code or redirect the user. No specific family could be identified.
Heuristics (3)
- ClamAV: Win.Trojan.Cap-1 (severity: critical, rule: CLAMAV_DETECTION)
  ClamAV detected this file as malware: Win.Trojan.Cap-1
- Legacy WordBasic macro-virus markers (severity: high, rule: OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
  OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.
- Embedded URL (severity: info, rule: EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://www.chat.ru/~vismoldi (in document text, OLE body)