Office (OLE) / .EXE malware analysis — malicious · 8ee6f72033c34afd

MALICIOUS

Office (OLE) / .EXE

69.0 KB Created: 1998-08-24 23:10:00 Authoring application: Microsoft Excel

MD5: ec0c2336da847e80f5a8b7b6eaf1bd9a SHA-1: f8b825d508554667a5e4826b2a55fcdc1f565087 SHA-256: 8ee6f72033c34afd9c70abaf9384e85302b1ce48b98a4073b5bc797db5bf4143

180 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is an Office executable containing a VBA macro, specifically an Auto_Open macro, which is a common technique for initial execution. ClamAV identified this as Xls.Trojan.Laroux-28. The macro is likely designed to download and execute a second-stage payload, although the specific actions are not detailed in the provided heuristics.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-28 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-28
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `a5850330c65d4e31d8877e97d10657fea575d501c96cca7b0f2b7f3bb8b08c49`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	2025 bytes
Detection ClamAV: Xls.Trojan.Laroux-28 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.