Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 31c3391f8a4e3508…

MALICIOUS

Office (OLE) / .XLS

Size: 24.0 KB
Created: 2010-07-15 00:10:56
Authoring application: Microsoft Excel
MD5: 56b7921cdc28a617701559a22990aa0d
SHA-1: 94f8bd068d5085a42c20c1022220653309bc8ccf
SHA-256: 31c3391f8a4e3508aa68e94dd343f2bbf04a7073c7d6b77d4b9935031486db88
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is a malicious Excel spreadsheet containing VBA macros. The presence of an Auto_Open macro indicates that the malicious code will execute automatically upon opening the document. ClamAV identified this as Doc.Macro.Laroux-5893719-0, a known macro-based malware family. No specific IOCs were extracted beyond the macro itself.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (e9801bef61dd481a32b4da851c61331e9e6c79fb13eeeca6f8304240cb334267)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1567 bytes