Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 eb5e41b7aa6d45e4…

MALICIOUS

Office (OLE)

11.0 KB Created: 1997-12-31 17:52:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14
MD5: 4ffa60f944b07c43de1df4827b241a8c SHA-1: d796fb0d9a3c03c62559dfc32856e9e08ef1ec78 SHA-256: eb5e41b7aa6d45e4b7f8d06292643e857d1d9ce0564a114bfe3a49daf4916a47
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Win.Trojan.Cebu-1. Static analysis revealed legacy WordBasic auto-execution markers such as 'Autoclose' and 'AutoOpen', indicating the presence of macros designed to run automatically. These macros are likely responsible for the malicious behavior, although their specific actions cannot be determined from the provided evidence.

Heuristics 2

  • ClamAV: Win.Trojan.Cebu-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Cebu-1
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.