Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 eea1d0b1d6cf7904…

MALICIOUS

Office (OOXML)

Size: 223.7 KB
Created: 2008-05-19 23:36:00 UTC
Authoring application: Microsoft Office Word 14.0000
First seen: 2021-03-01
MD5: cb0d999bce1cab3bbad36b477d8bd91e
SHA-1: 9dc33617ee51632d2ad9b93b63b87953c90d4851
SHA-256: eea1d0b1d6cf7904ae52af30cae9188f8abe30888cbcfd600afb085b487128f7
Risk Score: 130

Heuristics (4)

  • ClamAV: Doc.Exploit.DDEautoexec-6346603-1 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Exploit.DDEautoexec-6346603-1
  • Malicious DDE command [critical] [OOXML_DDE_MALICIOUS]
    DDE field in word/document.xml launches a dangerous executable: \\system32\\cmd.exe
  • External hyperlinks (41) [low] [OOXML_EXTERNAL_HYPERLINKS]
    Document contains 41 external hyperlinks — clickable URLs are stored as external relationships. First target: http://www.google.ca/search?client=firefox-a&rls=org.mozilla:en-GB:official&channel=s&hl=en&q=identity+map&meta=&btnG=Google+Search
  • Embedded URL info [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.