Office (OLE) / .EXE malware analysis — malicious · 48f033bc88c8fb56

MALICIOUS

Office (OLE) / .EXE

46.5 KB Created: 1998-06-22 09:24:56 Authoring application: Microsoft Excel

MD5: 2914e3ed50c6e8c5187c8773f6f3b666 SHA-1: 1978684567064d9af7788081ac10c649a221199b SHA-256: 48f033bc88c8fb562d2c95bce71eb138e955c5be5f2bca26aaf1d73d15d7fd70

180 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Laroux-1. It contains VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening the document. The presence of the Auto_Open macro suggests an attempt to immediately run the embedded malicious payload.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-1
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `f575cbf046290424f6ab58af42fd1e95d71a265dd018bc63e7498d8a4b5be021`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1896 bytes
Detection ClamAV: Xls.Trojan.Laroux-1 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.