Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 4cfb33b79b0692db…

MALICIOUS

Office (OLE) / .XLS

38.5 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: cf9adfab209736927f32cba56fed007e
SHA-1: a3e89741b0d7b89a5bbf0ae2698385e31e49e89c
SHA-256: 4cfb33b79b0692db144e9ed4b9eebfc976406dbc1f00d4f6d20656a11c6f4a77
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1219 Remote Access Software

The critical ClamAV detection and the presence of VBA macros strongly indicate malicious intent. The GetObject heuristic suggests the macros are designed to download and execute a second-stage payload, likely from an external source. The family is unknown due to a lack of specific indicators.

Heuristics 3

  • ClamAV: Xls.Malware.Valyria-10012971-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Malware.Valyria-10012971-0
  • GetObject call [high] [OLE_VBA_GETOBJ]
    GetObject call
  • VBA macros detected [medium] [OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (227a935a2577293774977d4c7fb2eba5da009c7dcbc5dc53c6d633009ecd8fe7)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1818 bytes