Office (OLE) / .16 malware analysis — malicious · 30f04cf80f1d4b0e

MALICIOUS

Office (OLE) / .16

202.0 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: b94fc57e211e9d34fdcc3f4d4e0c900d SHA-1: 80c3937c01056c90e72d36eff3d9d1a5baf7d799 SHA-256: 30f04cf80f1d4b0e37b43709d428f747d5df4134f3b7c1209f6edc80a799accb

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is an Excel document containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening. The ClamAV detection 'Doc.Macro.Laroux-5893719-0' further indicates malicious intent. The document body contains what appears to be shipping and airport code information, likely serving as a lure to disguise the malicious nature of the file. No specific scripts were extracted for detailed analysis, but the presence of the Auto_Open macro is sufficient to infer a malicious execution flow.

Heuristics 3

ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `b35f884f1ab3c6e6c1dbe2d6db716dba0e1ebba6f7c888a0fd88da628484a892`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1912 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.