Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 4ae7b325a0406197…

MALICIOUS

Office (OLE) / .EXE

Size: 36.0 KB
Created: 1999-02-08 09:24:15
Authoring application: Microsoft Excel
MD5: 5037dcf4d150e26ca8d919aff808a615
SHA-1: 555f8aacee1f83e0cdd2a83da27ab1a448a31996
SHA-256: 4ae7b325a04061979edab2e9de9d4e8404c75aae5a5559ce02819639a535cda5
Risk Score: 180

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel OLE executable containing VBA macros, specifically an Auto_Open macro. ClamAV signatures identify it as Xls.Trojan.Laroux-5. The presence of an Auto_Open macro indicates an attempt to automatically execute malicious code upon opening the document, likely to download and run a secondary payload.

Heuristics 4

  • ClamAV: Xls.Trojan.Laroux-5 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Trojan.Laroux-5
  • ClamAV detection on extracted artifact (severity: critical, rule: EXTRACTED_FILE_CLAMAV)
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
c43e181a3815287f96bf8cc952428d0d13b6b17c5d611a77daba8c523c1320b5
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 2197 bytes
Detection: ClamAV: Xls.Trojan.Laroux-5
Obfuscation or payload: unlikely