Win.Trojan.Xenixos-1 Office (OLE) malware analysis — malicious · 608bbbc5c6483bcb

MALICIOUS

Office (OLE)

44.0 KB Created: 1996-02-26 17:37:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: 898bb0c5c35000ff53845e1d3aecd781 SHA-1: 443bd9110a88d7425b6d9ad0803272895e837e70 SHA-256: 608bbbc5c6483bcbafdcfb81f9428afa769148112a57ab81a86e6bb8163a0d30

80 Risk Score

Malware Insights

Win.Trojan.Xenixos-1 · confidence 90%

MITRE ATT&CK

T1059.005 Visual Basic

The sample is identified as Win.Trojan.Xenixos-1 by ClamAV. It contains legacy WordBasic macros, specifically an AutoOpen macro, which is a known marker for older malicious macro execution. The document body describes the 'WinWord.Nemesis' macro virus, detailing its characteristics and spread, suggesting the file itself is an example or carrier of this legacy malware.

Heuristics 2

ClamAV: Win.Trojan.Xenixos-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Xenixos-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.