Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 3b8df39106c82fa1…

Verdict: MALICIOUS

File type: Office (OLE) / .XLS

Size: 98.5 KB
Created: 2010-07-26 04:03:52
Authoring application: Microsoft Excel
MD5: 67f76e5170fddb60aefb297570b8d504
SHA-1: ef0f9d5d24dac5b8c4b9c3d2b68eb4242723a890
SHA-256: 3b8df39106c82fa166565bf69ef5adbf0bc0689c22bdc6508e905800ac94d7a0
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet containing a VBA macro, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening the document. ClamAV detected this as 'Doc.Macro.Laroux-5893719-0', indicating a known malicious macro signature. The macro's purpose is inferred to be the download and execution of a second-stage payload, typical of macro-based malware.

Heuristics (3)

  • ClamAV: Doc.Macro.Laroux-5893719-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (ef21a95e8103463135e9f03a5807171a2d74eaaca10c098a1a757a9dd5f72d9e) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1482 bytes