m at the end of extension means that doc has some macros inside. Not always when there is some macros inside, the doc has a different extension.
oleid <docname> # see info about a file
oledump.py -s 3 --vbadecompresscorrupt report.docm
olevba <docname> # get the macro from the doc
Another way to get naughty for an office doc is to use remote templates. You can see many legit templates in Word GUI when you open the program (without opening any file). Open
settings.xml.rels file, and check the
Relationship tag and
Target attribute. Check out the link to decide if this is malware. More here.
You can use
oletools (cross-platform) to investigate malicious documents. Office docs can also be manually unzipped with some unarchive and inspected. Alternatively, use
See more here.