MALICIOUS
108
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
The file is identified as malicious by ClamAV and exhibits a critical heuristic firing for CVE-2012-0158, a known vulnerability in MSCOMCTL.ListView. This indicates the file is designed to exploit this vulnerability for initial execution. No document body or scripts were available for further analysis, but the exploit itself is sufficient to classify the attack pattern.
Heuristics 3
-
MSCOMCTL.ListView — CVE-2012-0158 high CVE likely CVE_2012_0158MSCOMCTL.ListView — CVE-2012-0158
-
ClamAV: Xls.Dropper.Agent-6290851-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Dropper.Agent-6290851-0
-
VBA project contains no executable statements low OLE_VBA_MACROSDocument contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 368 bytes |
SHA-256: 1f4657a67754171a91821bdcf0ac4e4853bccc1364c1966edd3a303b073a2d0b |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "Ëèñò1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "ListView1, 1, 0, MSComctlLib, ListView"
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.