Win.Trojan.Wazzu-29 Office (OLE) malware analysis — malicious · 2d76bd43d0622d36

MALICIOUS

Office (OLE)

7.0 KB Created: 1996-11-25 20:24:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: 50960c5fce386e077e944619c1996cd2 SHA-1: 907eaf1c97a1de101e18a920b9017b1e2f9a2899 SHA-256: 2d76bd43d0622d364868e5ac84b42a7a88c668ca596d6d62ef55aae691322ef9

100 Risk Score

Malware Insights

Win.Trojan.Wazzu-29 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic

The file exhibits characteristics of a legacy WordBasic macro virus, specifically containing markers like 'fileMacro$' and triggering a critical ClamAV detection for Win.Trojan.Wazzu-29. The presence of 'autoOpen' and 'Global:autoOpendi' suggests an attempt to automatically execute malicious code upon opening the document. The IOC 'fileMacro$' is a direct indicator of the macro's presence.

Heuristics 2

ClamAV: Win.Trojan.Wazzu-29 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Wazzu-29
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS

OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.