Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 72adfbed53473b34…

MALICIOUS

Office (OLE)

File size: 6.5 KB
Created: 1997-02-01 19:23:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 838ca1113ac77902838a7ec50759005e
SHA-1: a680a85146cc9a80038e9bd9f3563d887f0f6928
SHA-256: 72adfbed53473b34f09b104105b2d600c3a4e3661768321b5d3990c9f5a64ef7
Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Win.Trojan.Wazzu-26. Static analysis revealed a legacy WordBasic macro marker 'AutoOpen', indicating automatic execution upon document opening. This suggests the file is likely a macro-enabled document used for initial access via spearphishing, intended to download and execute a secondary payload.

Heuristics (2)

  • ClamAV: Win.Trojan.Wazzu-26 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Wazzu-26
  • Legacy WordBasic auto-exec macro marker [medium] [OLE_LEGACY_WORDBASIC_AUTOEXEC]
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.