Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 fbb7dd1c2a81d18e…

MALICIOUS

Office (OLE)

Size: 47.0 KB
Created: 1996-09-04 02:53:00
Authoring application: Microsoft Word for Windows 95
MD5: 3bdcc1224d911effbdf106d88e0a96fe
SHA-1: 3cb2e00cbd4a2dca6ab82c01090c08a5eefbe29f
SHA-256: fbb7dd1c2a81d18ef67a71f95f66b86533fa9864f8d7e0d616a6f0bb9e36b4b4
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an OLE document with a malicious verdict from ClamAV, specifically identified as Win.Trojan.Macro-11. The document body contains VBA-like keywords such as AUTOOPEN, exitdo, and filem$, suggesting the presence of macro code. While no explicit script content was extracted, the heuristics and file type strongly indicate a macro-based attack. The authoring application and creation date suggest a very old file, potentially exploiting a legacy vulnerability.

Heuristics 1

  • ClamAV: Win.Trojan.Macro-11 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Macro-11