Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 08b6537772886a8d…

MALICIOUS

Office (OLE) / .EXE

Size: 23.0 KB
Created: 1999-09-08 05:49:21
Authoring application: Microsoft Excel
MD5: 2698878d66915441b874cfca47edbd31
SHA-1: bc4735a40503f666ab56af5ff543286711cf8933
SHA-256: 08b6537772886a8daf552d6e2e40bd2138cae824055615c1be281c361ce8f278
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1547.001 Registry Run Keys / Startup Folder

The sample contains VBA macros, specifically an Auto_Open macro, which is a strong indicator of malicious intent. The script attempts to save a file named 'A-A.XLS' to the application's startup path, indicating an attempt to establish persistence. The presence of the 'laroux' marker further suggests it belongs to a known macro virus family.

Heuristics (3)

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster | critical | OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro | high | OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected | medium | OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (17d56e1d3ebf6c7d02f6d7b6a8ca415dce3811e2a1c4b9a0ae677207ea5c9fc6) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1860 bytes