Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 905114a946d7252d…

MALICIOUS

Office (OLE) / .XLS

Size: 44.5 KB
Created: 2010-02-01 12:35:48
Authoring application: Microsoft Excel
MD5: d5832487fbf883cb163e4034d992bb01
SHA-1: 7fb37608ace49c95811ccefa3871f69f428f9206
SHA-256: 905114a946d7252df990a1cc11a1fc37a57b367e73a3d01735ab14f62134dd7e
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The sample is an XLS file containing VBA macros, indicated by the OLE_VBA_MACROS heuristic. High-severity heuristics for OLE_VBA_CREATEOBJ and OLE_VBA_GETOBJ suggest the macros are designed to interact with the system or external resources. While no specific URLs or scripts were extracted, the presence of macros and these object creation calls strongly implies malicious intent, likely to download and execute a secondary payload. The document body is heavily truncated and unreadable, providing no further context.

Heuristics (3)

  • OLE_VBA_CREATEOBJ (high): CreateObject call
  • OLE_VBA_GETOBJ (high): GetObject call
  • OLE_VBA_MACROS (medium): VBA macros detected. Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Hash: 336233170339c9a057b6679793bd3eb767ff1119e045e75e408df8d03bcfc624
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 3453 bytes