Office (OLE) malware analysis — malicious · f60f52b18243f5ef

MALICIOUS

Office (OLE)

24.0 KB Created: 1996-06-08 18:39:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: a5ab005c6bc1d58aefc0f08d49f8ed5c SHA-1: 8dd8d99fd3ebd7f5c26a7c5ad82607d12a58bbcf SHA-256: f60f52b18243f5ef7fd92361fff6b5bc33a9db84b2db19df2b290e4dae79a205

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is a legacy Word document containing legacy WordBasic macros, indicated by the 'OLE_LEGACY_WORDBASIC_AUTOEXEC' heuristic and the presence of 'AutoOpen' and 'AutoExec' keywords. These macros are designed to execute automatically when the document is opened, a common technique for initiating malware execution. The ClamAV detection of 'Win.Trojan.Friendly-1' further confirms its malicious nature, suggesting it acts as a downloader or initial dropper.

Heuristics 2

ClamAV: Win.Trojan.Friendly-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Friendly-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.