Malicious Office (OLE) / .XLA — malware analysis report

Static analysis result for SHA-256 9574cf92cc46ac87…

MALICIOUS

Office (OLE) / .XLA

Size: 53.5 KB
Created: 2005-07-17 02:41:37
Authoring application: Microsoft Excel
MD5: 9200050a3c8a9d3fb02eb9613d97b160
SHA-1: 9a53ff3008da1a4716df2e4735dffc76a2afffc8
SHA-256: 9574cf92cc46ac87fbe76778479fd627bdda60b963121bdad8e160513abbf2e4
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is identified as a Microsoft Excel Add-in (XLA) and contains VBA macros, with a high-severity heuristic indicating a Workbook_Open macro, which runs automatically when the file is opened. Its presence strongly implies an attempt to run malicious code upon file opening. No specific family could be identified, and the single embedded URL was confirmed benign.

Heuristics (3)

  • Workbook_Open macro (severity: high, ID: OLE_VBA_WBOPEN)
    Workbook_Open macro
  • VBA macros detected (severity: medium, ID: OLE_VBA_MACROS)
    Document contains VBA macro code
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://xcell05.free.fr

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (dc2cb8bda9567f909fc6ad47c2bc0c843ad50c33c19f2eeda18a6a647ed082a7) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 12378 bytes