Office (OLE) malware analysis — malicious · f32405472da05f77

MALICIOUS

Office (OLE)

15.0 KB Created: 1997-03-10 20:03:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: 7983e44780894ad6d3b8e4761decd9be SHA-1: e65a4572ca3e8c73bfd093b905073ce9a3ec4965 SHA-256: f32405472da05f77eee3d3dbff475ec233d14dfaaac0f5572a5fe3a573b61726

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is a legacy Word document containing a WordBasic auto-exec macro, indicated by the 'autoOpen' marker. This macro is designed to execute automatically upon opening, a common technique for initiating malicious actions. While the specific payload is not discernible from the provided evidence, the presence of an auto-exec macro strongly suggests a malicious intent, likely to download and execute further stages or perform other harmful actions.

Heuristics 2

ClamAV: Win.Trojan.Minimal-34 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Minimal-34
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.