Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e07062a88377ee94…

MALICIOUS

Office (OLE)

51.5 KB Created: 1997-03-23 17:39:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14
MD5: 40c63931bd4694eb4eeec39797aaa12b SHA-1: 5e7665cc79e401e1d2baca9dfc10d42a97e3fffb SHA-256: e07062a88377ee9499f221925396741abf93b0a06b61aa367b210a69909104e0
100 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file exhibits characteristics of a legacy WordBasic macro virus, specifically identified as a "RSN MACRO VIRUS Goat file". The presence of legacy macro virus markers and the ClamAV detection as Win.Trojan.Wazzu-8 strongly suggest malicious intent. The document body, while containing metadata and filler text, explicitly mentions "RSN MACRO VIRUS Goat file", reinforcing the classification.

Heuristics 2

  • ClamAV: Win.Trojan.Wazzu-8 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Wazzu-8
  • Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUS
    OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.

Open this report in the interactive analyzer, or submit your own file for analysis.