Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8b792e8bbc48d2f9…

MALICIOUS

Office (OLE)

Size: 6.0 KB
First seen: 2012-06-14
MD5: 259e7e82933d232f4b917e329db26007
SHA-1: 745eb91a3e5e164545ddab15959c3520358de243
SHA-256: 8b792e8bbc48d2f9d270bd04c7b6f798e6bd804c21fd0d696ccab2b8b9a7f02f
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The sample exhibits characteristics of a legacy WordBasic macro virus, indicated by specific markers and the presence of macro-related functions within the document body. The content appears to be a lure, potentially to trick users into enabling macros, which would then execute the embedded malicious code. The detection by ClamAV as 'Doc.Trojan.Wazzu-6' further supports its malicious nature.

Heuristics (2)

  • ClamAV: Doc.Trojan.Wazzu-6 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Wazzu-6
  • Legacy WordBasic macro-virus markers (high, OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.