Office (OLE) static analysis report

Static analysis result for SHA-256 13291a8b75d766e6…

CLEAN

Office (OLE)

58.5 KB Created: 1996-10-14 23:33:28 Authoring application: Microsoft Excel First seen: 2013-01-09
MD5: 3a8c91f26c87115f85dc90a07a826814 SHA-1: c5a7b5fb6e74699faa1e0bf2952009d014cd5d87 SHA-256: 13291a8b75d766e6d0ca8160df057b3ddfc70d581e42116b36e4b9078c5b6efa
4 Risk Score

Heuristics 2

  • VBA project contains no executable statements info OLE_VBA_MACROS
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://investor.msn.com/external/excel/quotes.asp?SYMBOL=[ In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 684 bytes
SHA-256: 73fe284b1e885bd0405ecb421b1224021163ce4aa3bca30e5a2deb64f9916b3c
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "SystemMonitor1, 10, 0, SystemMonitor, SystemMonitor"