Malicious Office (OLE) / .VIR — malware analysis report

Static analysis result for SHA-256 8e56de734af3b0a3…

MALICIOUS

Office (OLE) / .VIR

Size: 34.0 KB
Created: 2010-04-19 10:20:30
Authoring application: Microsoft Excel
MD5: 1872cb22b3d5b07233d0b5f966907483
SHA-1: 43adcf0d6fe6b73b53e86cb61e7b09b5e477a0f5
SHA-256: 8e56de734af3b0a3bef134cc55aaecfa6e5796071985bcae4f80a81b641aa1d5
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an Excel document with a high-severity heuristic indicating the presence of VBA macros, specifically a Workbook_Open macro. This macro likely executes automatically when the document is opened, initiating malicious activity. No specific family could be identified, and no external IOCs were extracted from the sample.

Heuristics 2

  • Workbook_Open macro | high | OLE_VBA_WBOPEN
    Workbook_Open macro
  • VBA macros detected | medium | OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (783d94c36a67864e4eb2ab41e5ae9000be14dccd69100bbe68a87529e5b465af) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 4296 bytes