Office (OLE) malware analysis — malicious · e8f7c99ea13cb169

MALICIOUS

Office (OLE)

9.0 KB Created: 1995-11-06 19:24:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: c03b42b02a8ea627704488dd276db1a1 SHA-1: 6962cb10d4ce7bf9922c331b7395accbb643d06a SHA-256: e8f7c99ea13cb1696d120011d950c6e7621622311139cdbf0917c2c9f052120e

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is an OLE file containing legacy WordBasic auto-exec macro markers, specifically 'AutoOpen'. This indicates an attempt to automatically run malicious code when the document is opened. The presence of 'Win.Trojan.Hunter-4' detection by ClamAV further confirms its malicious nature. The macro's intent is likely to download and execute a secondary payload, a common tactic for initial compromise.

Heuristics 2

ClamAV: Win.Trojan.Hunter-4 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Hunter-4
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.