Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 8d86636c80c364f0…

MALICIOUS

Office (OLE) / .XLS

Size: 39.5 KB
Created: 2009-07-27 13:01:41
Authoring application: Microsoft Excel
MD5: b573152698e42d67226982b12aae2f53
SHA-1: 9f014cce07da76497b9757816127b904c996f7a8
SHA-256: 8d86636c80c364f0fd560e6aa1d3640af9c5df408c8468783bedbc2922f3e82c
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic for Applications
  • T1566.001 Spearphishing Attachment

The file is an XLS document containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening. No document body content was available for analysis, and no scripts were extracted. The presence of the Auto_Open macro strongly suggests an attempt to execute arbitrary code, likely for downloading and running a second-stage payload.

Heuristics 2

  • Auto_Open macro [high] OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (958a275bd1481df2299dd6dab90249d3a798555ebcf2a59212b46e4d3824a438) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 2729 bytes