Win.Worm.Lorda-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 f945dba5f3160dde…

MALICIOUS

Office (OLE)

88.0 KB · First seen: 2012-06-14
MD5: d77119bcac38455171bef0235eeb5ecf
SHA-1: 05b90336a043fb04389cbbfbdf29d316b4eb194d
SHA-256: f945dba5f3160dde85948293ea68e919d103ebdbd286d7b42c1632deb1222cb7
Risk Score: 140

Malware Insights

Win.Worm.Lorda-1 · confidence 95%

MITRE ATT&CK
T1059.001 PowerShell · T1566.001 Spearphishing Attachment

The document contains a lure suggesting the user copy and paste content into a command-line interface, which is a common technique for executing malicious payloads. The presence of a WScript reference and ClamAV detection as Win.Worm.Lorda-1 further supports this. The embedded email address is likely a contact point for the attacker or a lure.

Heuristics (3)

  • ClamAV: Win.Worm.Lorda-1 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Worm.Lorda-1
  • Reference to Windows Script Host · high · SC_STR_WSCRIPT
    Reference to Windows Script Host
  • Clipboard command execution lure · high · SE_CLIPBOARD_COMMAND_LURE
    Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context