Xls.Downloader.b83ac4c497e169b5-9980307-0 Office (OLE) / .XLS malware analysis — malicious · 42216bb0863ee50f

MALICIOUS

Office (OLE) / .XLS

74.0 KB Created: 2022-11-29 07:16:03 First seen: 2022-11-30

MD5: 98cdfb431ac120cec3bf54e2663020ed SHA-1: 8627f3b5be0cbff0d5585e9a55f8a4c7e2d39ec3 SHA-256: 42216bb0863ee50fec16d13db4e1c59f5774ff7a457009cfdfa5b7a32dad16db

188 Risk Score

Malware Insights

Xls.Downloader.b83ac4c497e169b5-9980307-0 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1105 Ingress Tool Transfer

The file is an XLS document containing VBA macros. Heuristics indicate the use of Shell() and CreateObject() calls, suggesting the execution of external commands or processes. The VBA script attempts to download content from a URL using MSXML2.XMLHTTP and then likely executes it, consistent with a downloader pattern.

Heuristics 5

Shell() call in VBA critical OLE_VBA_SHELL

Shell() call in VBA
ClamAV: Xls.Downloader.b83ac4c497e169b5-9980307-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Downloader.b83ac4c497e169b5-9980307-0
CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Environ() call (env variable access) low OLE_VBA_ENVIRON

Environ() call (env variable access)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `7aa807d266e0fbfc057565ac72ebadfaaae7c974f83a8f70f0e053cfba7655ac`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	5075 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.