Win.Trojan.Kerrang-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 fd507c5ebdad5f5c…

MALICIOUS

Office (OLE)

20.0 KB Created: 1997-02-15 19:47:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14
MD5: d647667352f2a32fcf18d77c3ba8598d SHA-1: 793b165e0acb5d3745df225ee0f616b0010f3c0c SHA-256: fd507c5ebdad5f5c262a45364b9568076f11378494136f56f7ff854df7234539
100 Risk Score

Malware Insights

Win.Trojan.Kerrang-1 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file exhibits legacy WordBasic macro-virus markers, indicating the presence of malicious macro code. ClamAV identifies this sample as Win.Trojan.Kerrang-1, a known trojan. The document body discusses a utility called 'fakecd' but this appears to be a lure or unrelated content, as the heuristics point to malicious macro execution.

Heuristics 2

  • ClamAV: Win.Trojan.Kerrang-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Kerrang-1
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.