Win.Trojan.Stealph-1 Office (OLE) malware analysis — malicious · 8729bbbd501b1f1f

MALICIOUS

Office (OLE)

12.5 KB Created: 1998-02-13 06:30:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: 3b4d43037e14abee76ff822253080c3b SHA-1: d93f1d0f769d029e55e835cf38bfb7bca40df529 SHA-256: 8729bbbd501b1f1f8f538ccf4336361e26b3bbe273bcd9d197d4dfe28fe99248

80 Risk Score

Malware Insights

Win.Trojan.Stealph-1 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic

The sample is identified as Win.Trojan.Stealph-1 by ClamAV. A critical heuristic indicates the presence of a legacy WordBasic AutoOpen macro, which is a common method for executing malicious code within older Office documents. The macro's name, AutoOpen, is explicitly present in the document body, suggesting it will run automatically when the document is opened.

Heuristics 2

ClamAV: Win.Trojan.Stealph-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Stealph-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.