Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 fe9e6af6c2eaa503…

MALICIOUS

Office (OLE) / .DOC

File size: 37.0 KB
Created: 2010-02-21 19:19:00
Authoring application: Microsoft Office Word
MD5: 5f8fdb156f9f047f3f5384565d177f2c
SHA-1: 475a858d118037a1ff7266c0a56fa26f68885aa1
SHA-256: fe9e6af6c2eaa503080b5d0f1c2bb39f101d0164d625a6042111f9a2f41879c9
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1071.001 Web Protocols
  • T1566.001 Spearphishing Attachment

The sample is a malicious Microsoft Word document detected as Doc.Trojan.Venom-1 by ClamAV. The embedded VBA macro attempts to use Outlook to email the document to contacts, using the subject 'Important Message From [UserName]' and body 'Here is that document you asked for ... don't show anyone else Wink'. It also attempts to infect the Normal.dot template, likely to ensure persistence or further spread. The macro's obfuscation and self-modification suggest downloader or worm-like behavior.

Heuristics 1

  • ClamAV: Doc.Trojan.Venom-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.Venom-1