Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 800d1f97e88f3d80…

MALICIOUS

Office (OLE) / .EXE

130.0 KB Created: 1999-02-08 09:24:15 Authoring application: Microsoft Excel
MD5: ab876c88f3d4320abeed17d9f80f1de3 SHA-1: fc98ed126e5c19c594510e9c455b7f59f5f9ff31 SHA-256: 800d1f97e88f3d80340013744a28feda98d42d16a7ba2aa9597c600cd7ddff78
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is an Office document containing VBA macros, specifically an Auto_Open macro which is a common technique for executing malicious code automatically when the document is opened. The macro source is 1926 bytes, indicating a significant amount of code. No specific family could be identified, but the Auto_Open macro suggests a downloader or initial execution stage.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
7ab8154f2ce9ab62481b98f6d4ca9d1a4fb69fa0f83ba2c0780e66c382f4e49d		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1926 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.