Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f487eb92a2881239…

MALICIOUS

Office (OLE)

30.0 KB Created: 2008-07-16 15:18:00 Authoring application: Microsoft Word 10.0
MD5: 35c70a4f53de68d365ce1e2d27c93d30 SHA-1: ffc52a068f10721f42f86526479d4b8c5c2ae56d SHA-256: f487eb92a288123977239501b532e6ace771139a1a1ddd47d752c723685d9ef3
140 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Office document containing VBA macros. The presence of VBA macros is a strong indicator of malicious intent, as they are frequently used to download and execute secondary payloads. While no specific payload or download URL was directly extracted, the macro presence itself is sufficient to flag this as a likely malicious document delivery mechanism. The document body content appears to be unrelated marketing material for a lighting product.

Heuristics 3

  • ClamAV: Doc.Trojan.Title-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Title-1
  • ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
8b4f3c0da8f19a947a457940c6447deaae03774d3cfd0f7df4547cfc16021ece		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2886 bytes
Detection
ClamAV: Doc.Trojan.Title-1
Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.