Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f85a1ea511b36d69…

MALICIOUS

Office (OLE)

86.9 KB Created: 2018-10-04 23:56:00 Authoring application: Microsoft Office Word First seen: 2019-05-16
MD5: 75d3ff328363980d85c64a0369b836e5 SHA-1: e81816f47bae292f17fd2e71c9cc72fe66a68b36 SHA-256: f85a1ea511b36d6936de839b0f7e4fc1437497f066aae90c301ce6cb0f191ce7
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected as malicious by ClamAV. While VBA macros could not be extracted due to an unsupported format, an embedded URL was found within the document body. This suggests a potential phishing attempt where the user is directed to a malicious resource.

Heuristics 3

  • ClamAV: Doc.Malware.00536d-6923012-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Malware.00536d-6923012-0
  • Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED
    olevba could not extract VBA macros (AssertionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Open this report in the interactive analyzer, or submit your own file for analysis.