Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e853f4fd08e84397…

MALICIOUS

Office (OLE)

Size: 15.5 KB
Created: 1995-09-14 01:04:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 3c93101c0001415be65094528119e121
SHA-1: e2fc1652f134e2d444bab9c994c39087f3e20d1b
SHA-256: e853f4fd08e84397cc0c9289bdf3addc3e6d4e1fc222418e37ccb6e9b161ceff
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Win.Trojan.Macro-11. Static analysis revealed a legacy WordBasic AUTOOPEN macro, which is a common indicator for macro-based malware. The presence of this marker suggests the document is designed to automatically execute malicious routines when opened, likely leading to further compromise.

Heuristics (2)

  • ClamAV: Win.Trojan.Macro-11 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Macro-11
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.