Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 67ed290426584757…

MALICIOUS

Office (OLE) / .XLS

Size: 16.0 KB
Created: 2009-12-17 10:54:30
Authoring application: Microsoft Excel
MD5: 86b9dee1d8270072a204af998faeedb6
SHA-1: 71c1eb47c01556d8f30cc7fa713076146cf1c592
SHA-256: 67ed290426584757c98b9a1f9c17e4355600230b7915d6247a9b9f46796b752b
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1547.001 Registry Run Keys / Startup Folder

The sample is an Excel file containing a VBA macro that executes automatically upon opening (auto_open). The script attempts to copy itself to the Excel startup directory as 'StartUp.xls', indicating a persistence mechanism. The ClamAV detection 'Doc.Macro.Laroux-5893719-0' further supports its malicious nature.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
    79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1606 bytes