Office (OLE) malware analysis — malicious · f398f9f3d1e18faf

MALICIOUS

Office (OLE)

12.5 KB Created: 1996-09-25 23:58:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: f91d21a5dff8f4324e90c733e3f85a25 SHA-1: ddf643bad02495a433daf9444760ea3d248f803c SHA-256: f398f9f3d1e18faf7336d1fd66a8fefd5eb73e2e85e1abd56053df6339b5aae8

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Win.Trojan.Taguchi-1. A legacy WordBasic auto-exec macro marker ('autoclose') was detected, indicating the potential for automatic execution of malicious code upon opening the document. The document body contains references to 'goat' and 'Ditry PC', suggesting a lure or internal naming convention.

Heuristics 2

ClamAV: Win.Trojan.Taguchi-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Taguchi-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.