Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1c34882c9ab01404…

MALICIOUS

Office (OLE) / .XLS

194.5 KB
Created: 2010-04-06 09:54:19
Authoring application: Microsoft Excel
MD5: 64aab0544a322c8282ab5c8e325f4a50
SHA-1: cf4fa33830d3f5eda9a912d03506a89183bc690a
SHA-256: 1c34882c9ab01404d7b7ff81640af119c88017dd1391dfaabcd46b3883e3eac9
120 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Excel spreadsheet containing a VBA macro, specifically an Auto_Open macro, which Excel runs automatically when the workbook is opened and which is a common technique for executing malicious code. The ClamAV detection 'Doc.Macro.Laroux-5893719-0' strongly suggests known macro-based malware. The macro is assessed as likely responsible for downloading and executing a second-stage payload; this assessment rests on the high-severity Auto_Open heuristic and the critical ClamAV detection.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (ef21a95e8103463135e9f03a5807171a2d74eaaca10c098a1a757a9dd5f72d9e)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1482 bytes