Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 194e89e52ff46f83…

MALICIOUS

Office (OLE)

Size: 25.0 KB
Created: 1997-12-07 12:16:36
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 8f3463a2cc420a2587b821b0d2d1495c
SHA-1: db180b059314a9d01e3f74f3b0824c5bd4cc856f
SHA-256: 194e89e52ff46f830b9f88379a3ea96f5d5d5298233b63aa2d1dcb1cdca40a63
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' indicates the presence of a known Excel macro virus. The 'CLAMAV_DETECTION' heuristic further confirms its malicious nature. The document body contains garbled text, suggesting potential obfuscation or corruption, but the primary threat stems from the embedded macro.

Heuristics (2)

  • ClamAV: Legacy.Trojan.Agent-489 (severity: critical; heuristic: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Legacy.Trojan.Agent-489
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical; heuristic: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.