Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e21ad111772125c8…

MALICIOUS

Office (OLE)

16.5 KB
Created: 1999-07-27 19:12:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 20df20fbcd4caaa57f7355b3f1d6e020
SHA-1: 5f9387d5139381f6f48ed342db45dd1e5b548a8f
SHA-256: e21ad111772125c86352a9b416915d3af94caf2fa8e2935ce8bc81aafc03a3ea
60 Risk Score

Malware Insights

The sample is an Office OLE document containing VBA macros. A critical heuristic identified it as Win.Trojan.C-71. The extracted VBA code includes an 'Encryptor for Macro Viruses' which appears to obfuscate other macros within the document, likely to hinder analysis and detection by security software. No external network activity or specific payload delivery was observed.

Heuristics 1

  • ClamAV: Win.Trojan.C-71 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.C-71