Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 5df37394f50055c8…

MALICIOUS

Office (OLE) / .EXE

Size: 27.5 KB
Created: 1998-06-10 14:42:46
Authoring application: Microsoft Excel
MD5: 3d5e937355d345e23b457b04c272601b
SHA-1: 561c9df6661b36d87ade22dfc760da8345840765
SHA-256: 5df37394f50055c8e615d57958d2fed19a38574035f3762ab8f34bd8496d48bc
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1547.001 Registry Run Keys / Startup Folder

The sample contains VBA macros, specifically an Auto_Open subroutine, which is a strong indicator of malicious intent. The script attempts to save a file named 'NEGS.XLS' to the application's startup path, suggesting an attempt to establish persistence and potentially spread to other workbooks. The presence of 'laroux' markers further confirms its nature as a macro-based virus.

Heuristics (3)

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (9bc905d1436d65df2dd303cbc566bf30c3ddb0731ba7302ff487c9d4f456c6f3) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1938 bytes