Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 278fbae6952f9d80…

MALICIOUS

Office (OLE) / .XLS

Size: 40.5 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: 78db30c8f2ec93f0ba9e76ef63b14501
SHA-1: c062f8e3cd8aae991cd9180e15ac6e9161a6e216
SHA-256: 278fbae6952f9d802509d29d6033e824a92e467a22adc87d0a8231d6e6175fc5
Risk score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Command and Scripting Interpreter: Visual Basic
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The workbook contains VBA macro code, and two high-severity heuristics fired on it: a reference to the ShellExecute API and a CreateObject call. Together they indicate a macro built to execute code outside the document rather than to automate a spreadsheet: CreateObject is how VBA instantiates COM automation objects (WScript.Shell, Shell.Application and similar) that can launch processes, and ShellExecute launches a file or URL directly; both are commonly used to fetch and run a further stage. The ATT&CK mapping also lists PowerShell (T1059.001), although the report does not reproduce the command line. No network or file indicators were extracted, so no second stage can be named, but the pattern is consistent with a downloader or first-stage execution vector. These are static, string-level findings: the heuristics fire on the presence of the tokens, so the carved macros.bas should be read to confirm what is actually invoked and with which arguments.

Heuristics (4)

  • Reference to ShellExecute API (high, SC_STR_SHELLEXEC)
  • CreateObject call (high, OLE_VBA_CREATEOBJ)
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code.
  • Suspicious extracted artifact (medium, EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
SHA-256:  3c93efbb4f68e9e1274cdc3ed786bf11e9dd914f4520b0bda180e43d9772fe70
Kind:     vba-macro
Source:   oletools.olevba.extract_macros (decoded VBA source)
Size:     1532 bytes

Detection
  ClamAV: No threats found (no signature match; this does not weaken the heuristic verdict above, which is based on the macro's content rather than a signature)
  Obfuscation or payload: likely
  Carved artifact contains 1 shell/COM execution token(s).
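The checks the heuristics section and the carved-artifact detection describe (ShellExecute and CreateObject references, obfuscation signals, shell/COM execution tokens) can be reproduced over a decoded macro such as the macros.bas olevba extracted. The script below is an added example, not the analysis platform's code and not the contents of this sample's macros.bas (which the report does not reproduce): the rule IDs reuse the report's names, every regex is this example's own approximation of what such a rule looks for, the ATT&CK mapping is the example's, and the macro text is constructed for the example. It also goes one step beyond the report by resolving Chr()/StrReverse()/concatenation literals before the token scan, which is why a macro that spells "WScript.Shell" and "powershell" in pieces still gets counted.

```python
"""Static triage of decoded VBA source (the kind of text olevba extracts).
Added example, not the analysis platform's code. Rule IDs reuse the names
from the report; each regex is this example's approximation of what such a
rule looks for, not the platform's actual rule."""
import re
from dataclasses import dataclass, field

# Constructed sample macro written for this example. It is NOT the decoded
# macros.bas of the analysed workbook, whose contents the report does not show.
# It builds "WScript.Shell" and "powershell" from pieces so a token scan of the
# raw text misses them; the deobfuscation pass below recovers them.
SAMPLE_VBA = '''\
Private Declare PtrSafe Function ShellExecuteA Lib "shell32.dll" _
    (ByVal hwnd As LongPtr, ByVal lpOperation As String, ByVal lpFile As String, _
     ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As LongPtr

Sub Workbook_Open()
    Dim sh As Object, cmd As String
    Set sh = CreateObject(StrReverse("llehS.tpircSW"))
    cmd = "power" & Chr(115) & Chr(104) & "ell -NoP -W Hidden -c Write-Host test"
    sh.Run cmd, 0, False
    ShellExecuteA 0, "open", "calc.exe", "", "", 0
End Sub
'''

# (rule_id, severity, description, pattern); severities follow the report.
RULES = [
    ("SC_STR_SHELLEXEC", "high", "Reference to ShellExecute API",
     re.compile(r"\bShellExecute(?:A|W|Ex)?\b", re.IGNORECASE)),
    ("OLE_VBA_CREATEOBJ", "high", "CreateObject call",
     re.compile(r"\bCreateObject\s*\(", re.IGNORECASE)),
    ("OLE_VBA_MACROS", "medium", "Document contains VBA macro code",
     re.compile(r"\b(?:Sub|Function)\s+\w+\s*\(", re.IGNORECASE)),
]
# Tokens that hand control to a shell or a COM automation object.
EXEC_TOKENS = re.compile(
    r"\b(?:WScript\.Shell|Shell\.Application|ShellExecute(?:A|W|Ex)?\b"
    r"|Shell\s*\(|\.Run\b|\.Exec\b)", re.IGNORECASE)
POWERSHELL = re.compile(r"\bpowershell(?:\.exe)?\b", re.IGNORECASE)
# String-building calls and long base64-looking literals: obfuscation signals.
OBFUSCATION_CALLS = re.compile(r"\b(?:Chr[BW$]?|StrReverse)\s*\(", re.IGNORECASE)
ENCODED_BLOB = re.compile(r'"[A-Za-z0-9+/=]{40,}"')


def deobfuscate(src: str) -> str:
    """Resolve Chr(n), StrReverse("literal") and "a" & "b" concatenation.
    Deliberately shallow: no variables, no Replace(), and a Chr(34) quote is
    left as-is because it would break the literal syntax handled here."""
    def chr_lit(m):
        c = chr(int(m.group(1)))
        return m.group(0) if c == '"' else '"%s"' % c
    src = re.sub(r"\bChr[W$]?\s*\(\s*(\d+)\s*\)", chr_lit, src, flags=re.IGNORECASE)
    src = re.sub(r'\bStrReverse\s*\(\s*"([^"]*)"\s*\)',
                 lambda m: '"%s"' % m.group(1)[::-1], src, flags=re.IGNORECASE)
    prev = None
    while prev != src:                     # repeat until no adjacent literals remain
        prev = src
        src = re.sub(r'"([^"]*)"\s*&\s*"([^"]*)"', r'"\1\2"', src)
    return src


@dataclass
class TriageResult:
    hits: dict = field(default_factory=dict)        # rule_id -> number of matches
    severity: str = "none"                          # highest severity among hits
    exec_tokens: int = 0                            # shell/COM tokens in raw source
    exec_tokens_deobfuscated: int = 0               # same, after literal resolution
    obfuscation_likely: bool = False
    techniques: list = field(default_factory=list)  # ATT&CK IDs suggested by the hits


def count(pattern, text):
    return sum(1 for _ in pattern.finditer(text))


def triage_vba(source: str) -> TriageResult:
    r = TriageResult()
    plain = deobfuscate(source)
    for rule_id, sev, _desc, pat in RULES:
        r.hits[rule_id] = count(pat, plain)
        if r.hits[rule_id] and (sev == "high" or r.severity == "none"):
            r.severity = sev
    r.exec_tokens = count(EXEC_TOKENS, source)
    r.exec_tokens_deobfuscated = count(EXEC_TOKENS, plain)
    # "likely" if strings are being assembled, a blob is embedded, or
    # deobfuscation exposed execution tokens the raw scan could not see.
    r.obfuscation_likely = (count(OBFUSCATION_CALLS, source) >= 2
                            or ENCODED_BLOB.search(source) is not None
                            or r.exec_tokens_deobfuscated > r.exec_tokens)
    if r.hits["OLE_VBA_MACROS"]:
        r.techniques.append("T1204.002")            # User Execution: Malicious File
    if r.hits["SC_STR_SHELLEXEC"] or r.hits["OLE_VBA_CREATEOBJ"] or r.exec_tokens_deobfuscated:
        r.techniques.append("T1059.005")            # Visual Basic
    if count(POWERSHELL, plain):
        r.techniques.append("T1059.001")            # PowerShell
    return r


def report(source: str) -> str:
    """Render a triage in the style of the report's heuristics section."""
    r = triage_vba(source)
    lines = ["Heuristics (%d)" % sum(1 for v in r.hits.values() if v)]
    for rule_id, sev, desc, _pat in RULES:
        if r.hits[rule_id]:
            lines.append("  - %s (%s, %s): %d match(es)" % (desc, sev, rule_id, r.hits[rule_id]))
    lines.append("Obfuscation or payload: %s" % ("likely" if r.obfuscation_likely else "not indicated"))
    lines.append("Shell/COM execution token(s): %d raw, %d after deobfuscation"
                 % (r.exec_tokens, r.exec_tokens_deobfuscated))
    lines.append("MITRE ATT&CK: " + ", ".join(r.techniques))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_VBA))
```

On the constructed macro the raw scan counts three execution tokens (the ShellExecuteA declaration and call, and `.Run`) and the resolved text counts four, because `CreateObject("WScript.Shell")` only appears after StrReverse is undone; the PowerShell mapping likewise only appears once the Chr() pieces are joined. A real pipeline would run the same checks on each stream olevba returns rather than on an embedded string.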