Office (OLE) / .EXE malware analysis — malicious · 9460debad27b313f

MALICIOUS

Office (OLE) / .EXE

92.0 KB Created: 1980-01-04 07:01:16 Authoring application: Microsoft Excel

MD5: 64950932da4060274bcc2ba8fb394ba6 SHA-1: e87493848e0a0a49a6c95d1e5ca5a3f6300c5465 SHA-256: 9460debad27b313fea41d781a8f92a385083a51d21561424479d19cfdadf62c2

180 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is an OLE executable containing VBA macros, specifically an Auto_Open macro, which is a common technique for initiating malicious execution. ClamAV identifies this as Xls.Trojan.Laroux-28, indicating a known malicious pattern. The presence of the Auto_Open macro suggests the intent is to automatically run malicious code when the document is opened, likely leading to further stages of infection.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-28 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-28
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `f62267d7aef348a5af9b51ee24ce2cc69f69269ff718ed312a917a7da16d1ff7`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	2115 bytes
Detection ClamAV: Xls.Trojan.Laroux-28 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.