Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 0142858c99272b3d…

MALICIOUS

Office (OLE) / .XLS

Size: 14.5 KB
Created: 2010-05-06 21:34:18
Authoring application: Microsoft Excel
MD5: 5938671ce16b12600da7a8f086d5cfc2
SHA-1: 64843e12655dbe74a48aa5aae9385fd0ef90f1f0
SHA-256: 0142858c99272b3d72585ba0fcaefc363ca47246bd87a32c27a25557dd3e72f1
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1547.001 Registry Run Keys / Startup Folder

The critical ClamAV detection and high-severity heuristic for Auto_Open macros indicate malicious intent. The VBA script attempts to achieve persistence by copying itself to the Excel startup folder as 'StartUp.xls'. This mechanism is designed to ensure the macro executes whenever Excel is opened.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1606 bytes