Xls.Dropper.Agent-7633704-0 — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 9497ab22b6d16584…

MALICIOUS

Office (OLE) / .XLS

377.0 KB
MD5: ee4634fd220397f140a5c7ed5c0ec136
SHA-1: a3f08624ea3e4875343e8cd9599057db9ffd6b82
SHA-256: 9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040
160 Risk Score

Malware Insights

Xls.Dropper.Agent-7633704-0 · confidence 95%

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The critical ClamAV detection and high-severity heuristics for CreateObject and CallByName indicate malicious VBA macros are present. The presence of 3784 bytes of VBA macro source code further supports this. The macros likely function as a dropper, downloading and executing a second-stage payload, as suggested by the 'Dropper' in the ClamAV detection name.

Heuristics 4

  • ClamAV: Xls.Dropper.Agent-7633704-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.Agent-7633704-0
  • CreateObject call · high · OLE_VBA_CREATEOBJ
    CreateObject call
  • CallByName call · high · OLE_VBA_CALLBYNAME
    CallByName call
  • VBA macros detected · medium · OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas c482702f7d8d40522d8e8c818571563f742231fd297ed904f6c92c5110281d49 | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 3784 bytes |