Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e75f0ce4c56f8779…

MALICIOUS

Office (OLE)

22.0 KB Created: 1601-01-01 00:00:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14
MD5: 7b121ba0eeb794de0d7af6ee9a49c60e SHA-1: 686b8be238529c012d5b2c4f0a6ccd3e3abfd0a6 SHA-256: e75f0ce4c56f87793dd07ac461884546d068039e5826f106f8d818acc500d27d
100 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV detection and the presence of legacy WordBasic macro markers strongly suggest this file is malicious. The extracted macro code explicitly mentions 'Concept Virus' and includes functions for detection and cleaning, indicating its purpose is related to this known macro virus family. The file's structure and content point towards an older generation of macro malware.

Heuristics 2

  • ClamAV: Win.Trojan.W-283 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.W-283
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.