Office (OLE) / .XLSX malware analysis — malicious · 961efef13cc03831

MALICIOUS

Office (OLE) / .XLSX

1.62 MB Created: 2015-06-05 18:17:20 Authoring application: Microsoft Excel

MD5: 9345bfabfc4671c72fcafebb6db3fc61 SHA-1: 9c31f9a4423756fc4e98e71f98ecb6d5620b935d SHA-256: 961efef13cc038317cb3bc3a95d24267d73b23e66952c007ada6aa6601d28602

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The sample is an Excel spreadsheet containing VBA macros. The heuristics indicate the presence of CreateObject and CallByName calls, commonly used in malicious macros. The document body explicitly instructs the user to enable macros, a social engineering tactic to bypass security. No specific URLs or executable payloads were directly extracted, but the presence of macros and the enable lure strongly suggest a downloader or dropper functionality.

Heuristics 4

CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
CallByName call high OLE_VBA_CALLBYNAME

CallByName call
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Macro/content-enable lure medium SE_ENABLE_LURE

Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `b467d81e99f59c0059f5aaf05cf5899a6171053d06319f771455ab0e8e14aa93`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	3218 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.