Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 24380f140add44f3…

MALICIOUS

Office (OLE) / .EXE

Size: 19.5 KB
Created: 1996-10-14 23:33:28
Authoring application: Microsoft Excel
MD5: 776b8355bdc93ca6401fde9236bc8b96
SHA-1: 5d5ea648369da7e8d69fbf840642754a7862694b
SHA-256: 24380f140add44f3a1370045078c255eaba606af5f76e4e1a2a1b7833e05ac25
Risk Score: 180

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The file is identified as malicious by ClamAV with multiple signatures, including 'Win.Trojan.Psycho-3' and 'Xls.Trojan.Feeder-1'. It contains VBA macros and utilizes CreateObject calls, indicating it is likely designed to execute malicious code or download a secondary payload. The presence of macros and the executable nature suggest a delivery mechanism for further infection.

Heuristics 4

  • ClamAV: Win.Trojan.Psycho-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Psycho-3
  • ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
Hash: 12e60d5214059d133fb1150494b2d90af3ef7e7635a3b3d35d808c271d635ea6
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 3195 bytes
Detection: ClamAV: Xls.Trojan.Feeder-1
Obfuscation or payload: unlikely