MALICIOUS
80
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File
The file contains legacy WordBasic macros, specifically an AutoClose macro, which is a strong indicator of malicious intent. The macros attempt to execute commands using the 'debug' utility to write and execute binary data from embedded scripts named 'noodle.scr' and 'drop.scr', ultimately aiming to drop and run a payload. The ClamAV detection explicitly identifies this as Win.Trojan.Noodle-1, supporting the analysis of a trojan payload.
Heuristics 2
-
ClamAV: Win.Trojan.Noodle-1 critical CLAMAV_DETECTIONClamAV detected this file as malware: Win.Trojan.Noodle-1
-
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXECOLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
Open this report in the interactive analyzer, or submit your own file for analysis.