Win.Trojan.Strezz-1 Office (OLE) malware analysis — malicious · 178e26fdf03670be

MALICIOUS

Office (OLE)

11.5 KB Created: 1997-05-12 08:58:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: b5964d12366a54ac1ddc549073e9829d SHA-1: 3a5e97397c3ae96560db86b486cb578e663111f8 SHA-256: 178e26fdf03670be5f78dd9b147b303bcee7cf70dc869a4bea29d76c44ccacad

100 Risk Score

Malware Insights

Win.Trojan.Strezz-1 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic

The sample exhibits legacy WordBasic macro virus markers, specifically 'ToolsMacro', and is identified by ClamAV as Win.Trojan.Strezz-1. The document body contains strings related to macros like 'AutoOpen', 'FilePrint', and 'FileSaveAs', suggesting these events trigger malicious behavior. The presence of 'C:\!BUFF\STREZZ.DOC' indicates a potential file path associated with the malware's operation.

Heuristics 2

ClamAV: Win.Trojan.Strezz-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Strezz-1
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS

OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.