W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign for well over a year, which serves as a doorway to Vawtrak and Dridex banking trojans. This malware campaign targets a wide array of users via their operating system and browser to deliver the appropriate payload.
W9M/Downloader Malware Campaign
W97M/Downloader is a specially-crafted Microsoft Word document that, when opened, silently executes a malicious macro that connects to multiple remote servers to download and display additional components.
Source: Scuri check