Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 deefcb746975ab51…

MALICIOUS

Office (OLE)

16.5 KB
Created: 1998-03-11 20:47:00
Authoring application: Microsoft Word 6.0
First seen: 2015-09-24
MD5: 68076b9ab8816f34576f100d9a63f7c0
SHA-1: b217705715ca8b861d418bbb54508063e25b1b1d
SHA-256: deefcb746975ab517475f09627b6586dc792c6a6b9a5a77c7eb4be757bcab3d0
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified by ClamAV as a legacy Word macro virus, specifically 'Wordmacro.Padania'. A critical heuristic detected the presence of a legacy WordBasic auto-exec macro marker named 'AutoOpen'. The document body explicitly mentions the 'Wordmacro.Padania' virus and its authors, indicating a historical malware artifact.

Heuristics 2

  • ClamAV: Win.Trojan.Padania-5 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Padania-5
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.