Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e4cc957496451c20…

MALICIOUS

Office (OLE)

Size: 61.5 KB
Created: 1997-12-15 18:58:00
Authoring application: Microsoft Word 8.0
MD5: e07e2b38c2b349a3a1715e83fdbffb0c
SHA-1: f10772c8322a0ea02a902a6121fc758fce48e216
SHA-256: e4cc957496451c20fc151c16285a825e1c1f11d777097e4a6c8b1b0d1654a588
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an OLE document containing a VBA macro, specifically an AutoOpen macro, which is a common technique for executing malicious code automatically when the document is opened. The presence of the AutoOpen macro strongly suggests an intent to run arbitrary code. No specific family could be identified from the provided evidence.

Heuristics 2

  • AutoOpen macro high OLE_VBA_AUTOOPEN
    AutoOpen macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (f6a799c3dca4205eec63a72ec2fb1dd0266c8be6a7510ac0bf2c1c294826ec3d) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 3283 bytes