Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 ef474341d1f2f4f8…

MALICIOUS

Office (OLE)

Size: 193.7 KB
First seen: 2018-04-23
MD5: 892d83784f04e032bd6e76062d929d30
SHA-1: fb00ff236fe1ea8488b30fe2a7b61b1570fafd9a
SHA-256: ef474341d1f2f4f85ab092f9bb400b0e41dc9962e9291781ed416f03f102feb2
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV with the signature 'Doc.Malware.Emodldr-10025032-0'. Although VBA extraction failed due to an unsupported format, the presence of an embedded URL and the ClamAV detection strongly suggest an attempt to exploit vulnerabilities and download a secondary payload. The document body's content is heavily obfuscated and truncated, preventing a more specific analysis of its lure.

Heuristics (3)

  • ClamAV: Doc.Malware.Emodldr-10025032-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Malware.Emodldr-10025032-0
  • Unsupported Office format for VBA extraction [info] OFFICE_FORMAT_UNSUPPORTED
    The analyzer could not extract VBA macros: the document may be legacy, encrypted or malformed.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (found in document text, OLE body)