Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 dfd89d3dae829321…

MALICIOUS

Office (OLE)

11.5 KB Created: 2027-12-31 00:00:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14
MD5: cd087598cca48123e2cae593d2fb33cc SHA-1: 2b7bd3c92a0b59c132b2ec6dc7f470cbec59c950 SHA-256: dfd89d3dae829321ffa3e7ddfe2bcd565a82e16b51aa11fe7ecec7ae88e213b9
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an OLE file containing legacy WordBasic macro code. The 'OLE_LEGACY_WORDBASIC_AUTOEXEC' heuristic firing indicates the presence of an auto-executing macro, specifically triggered by 'FileSaveAs'. The document body contains extensive comments and code related to macro self-modification, suggesting an attempt to evade signature-based detection. The ClamAV detection 'Win.Trojan.Smmd-1' further confirms its malicious nature, though the specific payload or ultimate goal is not detailed in the provided evidence.

Heuristics 2

  • ClamAV: Win.Trojan.Smmd-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Smmd-1
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.