Win.Trojan.Wazzu-19 — Office (OLE) malware analysis

Static analysis result for SHA-256 c43c48cbc219bd23…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 7.0 KB
First seen: 2012-06-14
MD5: 11784a802952b607504133bb6ac21037
SHA-1: 098bfb6fcbd4b6e77773f03dec8317ece6ab6198
SHA-256: c43c48cbc219bd2331010e5789c70d30bba9385cfadda46e9978ff207772343c
Risk Score: 100

Malware Insights

Win.Trojan.Wazzu-19 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified by ClamAV as Win.Trojan.Wazzu-19 and exhibits legacy WordBasic macro virus markers. The document body explicitly states it is a "RSN MACRO VIRUS Goat file" and mentions "autoOpen", indicating it likely executes malicious code upon opening. The presence of legacy macro virus markers strongly suggests an intent to spread or perform malicious actions through macro execution.

Heuristics (2)

  • ClamAV: Win.Trojan.Wazzu-19 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Wazzu-19
  • Legacy WordBasic macro-virus markers (high, OLE_LEGACY_WORDBASIC_MACRO_VIRUS)
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.