Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 4d77367d41de37a7…

MALICIOUS

Office (OLE) / .XLS

Size: 42.5 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: 571f988258963aff38ef1bd06a36bcaa
SHA-1: 2fd8ef24ba3173ffb46dd2022780c4cc3cb14238
SHA-256: 4d77367d41de37a74aad17c266b712927e0efd5a76fc08656e3f5d19652032e1
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell

The file is an Excel spreadsheet containing VBA macros. A high-severity heuristic detected a GetObject call, which is often used to execute arbitrary code. The macros themselves are heavily obfuscated, but the presence of a GetObject call and the general structure suggest the intent is to download and execute a second-stage payload. No specific family could be identified.

Heuristics (2)

  • GetObject call (severity: high, rule: OLE_VBA_GETOBJ)
    GetObject call
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (ba1f573ee39e9b3f295b915041d29e9c46161f768790fd5009558ae35ff04a6d) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1559 bytes