Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 3a37360930f0d13d…

MALICIOUS

Office (OLE) / .XLS

70.5 KB | Created: 2015-06-05 18:17:20 | Authoring application: Microsoft Excel
MD5: e9dbdcfb6439bd0d888e907a71509937
SHA-1: 1351db47d95befabf5c909f7c315b65460f6dad0
SHA-256: 3a37360930f0d13d19523597d36813f500afc518ab89c9076c6cc2386bedd44a
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1218 Signed Binary Proxy Execution

The file is an XLS document containing 1818 bytes of VBA macros. A critical ClamAV heuristic identified it as Xls.Malware.Valyria-10012971-0. The presence of a GetObject call within the macros suggests an attempt to load and execute external code, a common technique for malware delivery. No specific IOCs like URLs or hashes were extracted, but the macro content itself is the primary indicator of malicious activity.

Heuristics (3)

  • ClamAV: Xls.Malware.Valyria-10012971-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.Valyria-10012971-0
  • GetObject call | high | OLE_VBA_GETOBJ
    GetObject call
  • VBA macros detected | medium | OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (b9928d3af8219b1495e4f8ad8b55f03f0b69edb0d832616a35fa2fb26b1945a2) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1818 bytes