Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 0400849dbc96cbf3…

MALICIOUS

Office (OOXML)

Size: 5.80 MB
Created: 2019-11-30 15:27:37 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 40aa8126faf9ebb6e95e286cd23c08f3
SHA-1: 51af71c8d61a924a64ac00dcd26b9415114a32e2
SHA-256: 0400849dbc96cbf3b0643397410e714e4466a306a7edb5e3835bf4fa71890fd2
Risk score: 242

Heuristics (6)

  • Shell() call in VBA [critical] OLE_VBA_SHELL
    The macro calls Shell(), which launches an arbitrary process from the document; in a download-and-drop chain this is the execution step.
  • URLDownloadToFile in VBA [critical] OLE_VBA_DOWNLOAD
    The macro references URLDownloadToFile, the urlmon API that fetches a URL directly into a file on disk (reached from VBA through a Declare statement).
  • VBA downloads and writes a file to disk [critical] OLE_VBA_HTTP_DROP_EXEC
    The macro reads an HTTP response body and writes it to disk (ADODB.Stream SaveToFile). Combined with the auto-exec and Shell paths above this is a download-drop-execute dropper, and the heuristic still fires when the COM ProgIDs are assembled at run time to evade keyword scanning.
  • CreateObject call [high] OLE_VBA_CREATEOBJ
    The macro calls CreateObject, which instantiates a COM object by ProgID; this is how it reaches the HTTP client and ADODB.Stream, and the ProgID may be a computed string rather than a literal.
  • VBA project inside OOXML [medium] OOXML_VBA
    The document contains a VBA project (vbaProject.bin), so macros are present.
  • Large OOXML part skipped [info] SCAN_INCOMPLETE
    One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected. The verdict rests on the heuristics that did fire; the skipped part(s) should be extracted and examined separately, since they may hold further indicators.
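The OLE_VBA_HTTP_DROP_EXEC entry states that the heuristic still fires when the ProgIDs are built at run time. The following Python is an added example of how such a check can be done, not the scanner's own code and not the macro from the analysed document: it folds the cheap VBA string-building tricks (concatenation, Chr(), StrReverse(), a string variable passed to CreateObject) back into literals before matching. The VBA text is constructed for the demo, the heuristic IDs are reused from the report, and the matching rules are assumptions about what such heuristics look for.

```python
"""Heuristic scan of decompressed VBA source for the download-drop-execute
chain that OLE_VBA_HTTP_DROP_EXEC describes, with COM ProgIDs resolved even
when the macro assembles them at run time.

Added example, not the scanner's own code and not the macro from the
analysed document. VBA_SAMPLE is constructed for this demo; the heuristic
IDs are reused from the report, the matching rules are assumptions.
"""
import re

# Constructed sample. Both ProgIDs are assembled at run time (concatenation,
# Chr(), StrReverse()); only SaveToFile and Shell appear as plain keywords.
VBA_SAMPLE = r'''
Sub Auto_Open()
    Dim c As String, s As String
    c = "MSX" & "ML2." & Chr(88) & "MLHTTP"
    s = StrReverse("maertS.BDODA")
    Set h = CreateObject(c)
    Set st = CreateObject(s)
    st.Write h.responseBody
    st.SaveToFile Environ("TEMP") & _
        "\u.exe", 2
    Shell Environ("TEMP") & "\u.exe", vbHide
End Sub
'''

CONT_RE = re.compile(r'[ \t]+_[ \t]*\r?\n[ \t]*')              # " _" line continuation
CHR_RE = re.compile(r'\bChrW?\$?\(\s*(\d+)\s*\)', re.I)         # Chr(88) -> "X"
REV_RE = re.compile(r'\bStrReverse\(\s*"([^"]*)"\s*\)', re.I)    # StrReverse("ba") -> "ab"
CONCAT_RE = re.compile(r'"([^"]*)"\s*[&+]\s*"([^"]*)"')          # "a" & "b" -> "ab"
ASSIGN_RE = re.compile(r'^\s*(?:Let\s+)?(\w+)\s*=\s*"([^"]*)"\s*$', re.I | re.M)
CREATEOBJ_RE = re.compile(r'\bCreateObject\(\s*(\w+)\s*\)', re.I)
PROGID_RE = re.compile(r'\bCreateObject\(\s*"([^"]+)"', re.I)
AUTOEXEC_RE = re.compile(
    r'\b(Auto_?Open|Auto_?Close|Workbook_Open|Document_Open|AutoExec)\b', re.I)
HTTP_CLIENTS = ('msxml2.xmlhttp', 'msxml2.serverxmlhttp',
                'microsoft.xmlhttp', 'winhttp.winhttprequest')


def normalize_vba(src: str) -> str:
    """Fold string-building tricks back into literals. Deliberately limited:
    doubled-quote escapes, Chr(34), comments and run-time-only values
    (e.g. Environ()) are not handled."""
    text = CONT_RE.sub(' ', src)
    text = CHR_RE.sub(lambda m: '"%s"' % chr(int(m.group(1))), text)
    text = REV_RE.sub(lambda m: '"%s"' % m.group(1)[::-1], text)
    prev = None
    while prev != text:                      # repeat until no "a" & "b" is left
        prev = text
        text = CONCAT_RE.sub(lambda m: '"%s%s"' % (m.group(1), m.group(2)), text)
    return text


def resolve_vars(text: str) -> str:
    """Substitute string constants into CreateObject(var).
    No flow analysis: the last literal assigned to a name wins."""
    consts = {n.lower(): v for n, v in ASSIGN_RE.findall(text)}

    def sub(m):
        v = consts.get(m.group(1).lower())
        return 'CreateObject("%s")' % v if v is not None else m.group(0)
    return CREATEOBJ_RE.sub(sub, text)


def scan_vba(src: str) -> dict:
    """Return the resolved ProgIDs and the heuristic IDs that fire."""
    text = resolve_vars(normalize_vba(src))
    ids = [p.lower() for p in PROGID_RE.findall(text)]
    hits = {}
    if re.search(r'\bShell\b', text, re.I):           # also matches WScript.Shell
        hits['OLE_VBA_SHELL'] = 'critical'
    if re.search(r'\bURLDownloadToFile', text, re.I):
        hits['OLE_VBA_DOWNLOAD'] = 'critical'
    if ids:
        hits['OLE_VBA_CREATEOBJ'] = 'high'
    http = any(p.startswith(HTTP_CLIENTS) for p in ids)
    stream = 'adodb.stream' in ids
    save = re.search(r'\.SaveToFile\b', text, re.I) is not None
    runs = AUTOEXEC_RE.search(text) is not None or 'OLE_VBA_SHELL' in hits
    if http and stream and save and runs:              # HTTP client + stream-to-disk + a way to run
        hits['OLE_VBA_HTTP_DROP_EXEC'] = 'critical'
    return {'progids': ids, 'heuristics': hits}


if __name__ == '__main__':
    print(scan_vba(VBA_SAMPLE))
```

Run against the sample, the scan resolves the two ProgIDs to MSXML2.XMLHTTP and ADODB.Stream and raises OLE_VBA_SHELL, OLE_VBA_CREATEOBJ and OLE_VBA_HTTP_DROP_EXEC but not OLE_VBA_DOWNLOAD, which matches the shape of the report above. A real macro may go further (Replace(), Mid(), arrays of character codes, values read from document properties or cells), which is why the composite rule keys on the resolved ProgIDs and the SaveToFile/Shell calls rather than on any one keyword.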
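For the SCAN_INCOMPLETE entry, the practical follow-up is to find out which parts the cap skipped and scan them on their own. The following Python is an added example, not the scanner's code: it lists the parts of an OOXML container (a zip archive), flags the high-value ones whose recorded size exceeds a cap, and extracts them. The 64 KiB cap, the list of high-value part names and the in-memory archive are assumptions made for the demo; the report does not state the scanner's real settings or which part it skipped.

```python
"""Enumerate the parts of an OOXML container and report which high-value
parts a per-entry size cap would leave uninspected (the SCAN_INCOMPLETE
situation), so they can be pulled out and scanned separately.

Added example, not the scanner's code. The archive is built in memory for
the demo; the 64 KiB cap and the high-value part list are assumptions.
"""
import io
import zipfile

SIZE_CAP = 64 * 1024   # assumed per-entry cap, not the scanner's real value


def is_high_value(name: str) -> bool:
    """Parts that can carry code or objects: the VBA project, OLE embeddings,
    ActiveX controls, any other .bin part (assumed list)."""
    n = name.lower()
    return (n.endswith('vbaproject.bin') or '/embeddings/' in n
            or '/activex/' in n or n.endswith('.bin'))


def audit_parts(data: bytes, cap: int = SIZE_CAP) -> list:
    """One record per zip entry. file_size is the size recorded in the zip
    directory, i.e. attacker-controlled metadata; the true size is only
    known after decompression (see extract_part)."""
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            out.append({
                'name': info.filename,
                'size': info.file_size,
                'high_value': is_high_value(info.filename),
                'over_cap': info.file_size > cap,
            })
    return out


def needs_manual_review(data: bytes, cap: int = SIZE_CAP) -> list:
    """Names of high-value parts a capped scan would have skipped."""
    return [p['name'] for p in audit_parts(data, cap)
            if p['high_value'] and p['over_cap']]


def extract_part(data: bytes, name: str) -> bytes:
    """Pull one part out for a separate, uncapped scan (e.g. olevba on
    vbaProject.bin). len() of the result is the real decompressed size."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name)


def build_sample() -> bytes:
    """Constructed OOXML-shaped archive: a 100 KiB VBA part and a ~300 KB
    image both exceed the cap, but only the VBA part matters for the verdict."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w', zipfile.ZIP_DEFLATED) as z:
        z.writestr('[Content_Types].xml', '<Types/>')
        z.writestr('xl/workbook.xml', '<workbook/>')
        z.writestr('xl/vbaProject.bin', bytes(range(256)) * 400)
        z.writestr('xl/media/image1.png', b'\x89PNG' + b'\0' * 300_000)
    return buf.getvalue()


if __name__ == '__main__':
    sample = build_sample()
    for part in audit_parts(sample):
        print(part)
    print('review by hand:', needs_manual_review(sample))
```

On the constructed archive only xl/vbaProject.bin comes back from needs_manual_review: the image is over the cap too, but it is not a part that can carry macro code. Because a 5.80 MB workbook will usually be large on account of media rather than the VBA project, this separation is what tells you whether the skipped part actually affects the verdict.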