Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 f3aa00565123589d…

MALICIOUS

Office (OLE) / .DOC

Size: 3.62 MB
Created: 2009-02-05 14:13:00
Authoring application: Microsoft Office Word
MD5: 442d02c2f32d7489de6023c17a863c22
SHA-1: 904c8d257c12f1347a0be1565fac971209baa4e8
SHA-256: f3aa00565123589dccdb56d6bb36a6b3d116ac58db6e7a9f8896bf685fc8e8b2
Risk Score: 82

Malware Insights

MITRE ATT&CK
T1204 Malicious Link

The primary heuristic indicates this document is designed as an advance-fee scam, using lures related to lotteries, prizes, or funds requiring courier delivery. While numerous URLs were extracted, most are confirmed benign or unknown, with a few unknown links to 'aksgonline.com' and 'lotsofessays.com' being the most potentially relevant IOCs. No scripts were extracted from this sample.

Heuristics (3)

  • Office EPRINT stream contains EMF object | high | CVE related | OLE_EPRINT_EMF_OBJECT
    OLE ObjectPool contains an EPRINT stream with EMF data. This is rare in normal documents and is CVE-2007-3893/MS07-046-family evidence when paired with Office exploit payload anomalies, but the malformed EMF record is not proven by this rule alone.
  • Advance-fee lottery/parcel scam lure | high | SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.