Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 90c4292455d9dab0…

MALICIOUS

Office (OLE) / .XLS

1.05 MB Created: 2007-06-12 23:12:52 Authoring application: Microsoft Exceࠄ
MD5: 5cef39bef56ac997525b96667f818238 SHA-1: 612413c0571e01974c46da70415df377417e8d30 SHA-256: 90c4292455d9dab07c30eb1fdb70a6284c3361c31c8560b3fde5dee148781018
120 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.005 Visual Basic

The file is an XLS spreadsheet containing a large VBA macro, specifically an Auto_Open macro, which is a common technique for executing malicious code automatically when the document is opened. ClamAV identified this as 'Xls.Virus.Valyria-10004391-0'. The macro's presence and auto-execution capability strongly suggest a malicious intent, likely for delivering a secondary payload or performing other harmful actions.

Heuristics 3

  • ClamAV: Xls.Virus.Valyria-10004391-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Virus.Valyria-10004391-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
e538b19efeea4079cccb552f0d271cfd06e53dea0bbce6b4139c83fed4041abb		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 183634 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.