Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 135a69d288264344…

MALICIOUS

Office (OLE) / .EXE

Size: 122.0 KB
Authoring application: Microsoft Excel
MD5: 879d0d2def51437dde283383a5792861
SHA-1: 6da7cbb9a8b9e113c4880d6bd0c4fe7070c42a73
SHA-256: 135a69d288264344b22b149e1ead24e0b41ad4ea7918c32d5020c378ac5bac3b
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The sample triggers a critical heuristic identifying it as an Excel 5 Laroux macro virus, and it contains VBA macros with an Auto_Open subroutine. The script attempts to copy itself and save the copy as 'NEGS.XLS' in the Excel startup path, suggesting a persistence or propagation mechanism. The presence of the Auto_Open macro and the specific file naming convention strongly indicate malicious intent to infect or spread.

Heuristics 3

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (51423ba0234999d96121e3c9652ff38e829519d123c55395bff6765caac176b8) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 2035 bytes