Xls.Trojan.Netsnak-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 8e46861131b84ed8…

MALICIOUS

Office (OLE)

Size: 277.0 KB
Created: 2006-09-20 07:38:28
First seen: 2015-09-26
MD5: 75cc82edd3c257048548ba02798744d4
SHA-1: f242e77cb1fe446fa6667ff1d13e196bcea67677
SHA-256: 8e46861131b84ed8f42ef053aa274d12230245280376ed698c3ae4f994a24cf9
Risk Score: 100

Malware Insights

Xls.Trojan.Netsnak-1 (confidence 95%)

MITRE ATT&CK
T1059.005 Visual Basic

The file was detected by ClamAV as Xls.Trojan.Netsnak-1, a known malicious Excel trojan. A heuristic firing for SC_STR_WSCRIPT indicates the presence of code that interacts with Windows Script Host, commonly used to download and execute further malicious payloads. The VBA macro content, though heavily obfuscated, contains references consistent with script execution.

Heuristics (2)

  • ClamAV: Xls.Trojan.Netsnak-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Trojan.Netsnak-1
  • Reference to Windows Script Host (high, SC_STR_WSCRIPT)