Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 91743785b5c4fbad…

MALICIOUS

Office (OLE) / .XLS

191.5 KB Created: 2015-06-05 18:17:20 Authoring application: Microsoft Excel
MD5: 2e114b34a6062b0771d1cb73fec4273b SHA-1: c6205a64f28510f548b2ef875e20e8345602dd2c SHA-256: 91743785b5c4fbad2d963a9a22b8989cef6a336c5f3d65dd9f65a3ca1f5fdc92
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The presence of VBA macros and a GetObject call indicates malicious intent. The macros are 1826 bytes in size, suggesting they are substantial enough to perform complex actions. While no specific URLs were extracted as malicious, the GetObject call is a common technique for executing arbitrary code. The file is an Excel spreadsheet, a common format for macro-based malware delivery.

Heuristics 3

  • GetObject call high OLE_VBA_GETOBJ
    GetObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ns.adobe.com/xap/1.0/
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://ns.adobe.com/iX/1.0/
    • http://ns.adobe.com/xap/1.0/mm/

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
23291b306ebb0d28a14b9247d31c5ddcb1852226d72a67ee5dda1ee0c4728403		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1826 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.