Win.Trojan.NewYear-2 — Office (OLE) malware analysis

Static analysis result for SHA-256 db901532ba5ef6da…

MALICIOUS

Office (OLE)

Size: 7.0 KB
First seen: 2012-06-14
MD5: 93ae9f35ac585353258f8eea01178da3
SHA-1: 04b5a675029b212c0d9999ec98e616b3b31a1301
SHA-256: db901532ba5ef6da5670cf06e5f1eeba7e88fe54a5cf4c0acceebc2511df26ae
Risk Score: 100

Malware Insights

Win.Trojan.NewYear-2 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file exhibits legacy WordBasic macro-virus markers and is identified by ClamAV as Win.Trojan.NewYear-2. The embedded document body contains text referencing 'RSN MACRO VIRUS Goat file' and specific macro names such as 'AutoOpen', indicating macro-based execution. This suggests the file is designed to execute malicious code via macros, a common technique for older malware.

Heuristics (2)

  • ClamAV: Win.Trojan.NewYear-2 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.NewYear-2
  • Legacy WordBasic macro-virus markers · high · OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.