Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 40ff637607c9c9a5…

MALICIOUS

Office (OLE) / .XLS

Size: 15.5 KB
Created: 2010-08-12 01:46:35
Authoring application: Microsoft Excel
MD5: 345a4df2320dfc436750384f31381029
SHA-1: 60b4480fca1a732d7809322f31335665e17aeaf9
SHA-256: 40ff637607c9c9a50a9fa578af5c73199059bbf292f48a5bdaf7f995ccf293f7
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment

The file is an Excel spreadsheet containing VBA macros, with a high-confidence detection by ClamAV as Doc.Macro.Laroux-5893719-0. The presence of an Auto_Open macro indicates that the malicious code is designed to execute automatically when the document is opened. While no specific payload URLs or commands were extracted, the macro's presence strongly suggests downloader or dropper functionality.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro [high, OLE_VBA_AUTO]
    Auto_Open macro
  • VBA macros detected [medium, OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (9e8ce1401c4739b83f9e6a6842670f92d64e220d4214f18d0db5f915102b51a3) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1176 bytes