Win.Trojan.Wazzu-25 — Office (OLE) malware analysis

Static analysis result for SHA-256 f5700b9a2d0102b7…

MALICIOUS

Office (OLE)

Size: 6.5 KB
Created: 1997-05-01 15:39:00
Authoring application: Microsoft Word 6.0
First seen: 2012-06-14
MD5: 1dc0682ee3c143b633491c69a56f7905
SHA-1: c9c51326ed9bcb51c1b0c3db5cce2bfd9be8b3b0
SHA-256: f5700b9a2d0102b7eaef89ae61c512bc1300d8ebe120b12ed12447ab58a4276f
Risk Score: 80

Malware Insights

Win.Trojan.Wazzu-25 · confidence 90%

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Win.Trojan.Wazzu-25. A legacy WordBasic AutoOpen macro was detected, indicating that the document is designed to automatically execute code when opened. This macro likely serves to download and execute a secondary payload, a common tactic for trojans.

Heuristics (2)

  • ClamAV: Win.Trojan.Wazzu-25 (severity: critical; ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Wazzu-25
  • Legacy WordBasic auto-exec macro marker (severity: medium; ID: OLE_LEGACY_WORDBASIC_AUTOEXEC)
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.