Xls.Trojan.Netsnak-1 — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 1152d96af470e93c…

Verdict: MALICIOUS

File type: Office (OLE) / .XLS
Size: 306.5 KB
Created: 2009-04-14 07:13:05
Authoring application: Microsoft Excel
MD5: 7b92f82ddcc13ec350fa40b7debaa12b
SHA-1: 0c9984d380e3538ece7f63db8c673705ae90904d
SHA-256: 1152d96af470e93c6f1c33b42f485b20d6b6878982b03684effed76c191bff35
Risk score: 108

Malware Insights

Xls.Trojan.Netsnak-1 · confidence 95%

MITRE ATT&CK
T1203 Exploitation for Client Execution

The critical ClamAV detection identifies this file as Xls.Trojan.Netsnak-1. A high-severity heuristic firing for SC_STR_WSCRIPT indicates a reference to Windows Script Host, suggesting the execution of malicious scripts. While the VBA project itself contained no executable statements, the presence of WSH references points towards an attempt to download and execute a second-stage payload.

Heuristics (3)

  • [critical] ClamAV: Xls.Trojan.Netsnak-1 (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Trojan.Netsnak-1
  • [high] Reference to Windows Script Host (SC_STR_WSCRIPT)
    Reference to Windows Script Host
  • [low] VBA project contains no executable statements (OLE_VBA_MACROS)
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.