Office (OLE) / .XLS malware analysis — malicious · 995c89b8772c1f44

MALICIOUS

Office (OLE) / .XLS

34.5 KB Created: 2008-08-05 21:20:38 Authoring application: Microsoft Excel

MD5: 29e0d1a68b22d7819de98f91982cb0b4 SHA-1: 13c4844240ba4299418602c143a2c9703e2c25af SHA-256: 995c89b8772c1f4494bb569d59c4d55bb564940985a3f7bfba258dccb4acab9e

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet containing VBA macros, specifically an Auto_Open macro, which is a common technique for initial execution. The ClamAV detection 'Doc.Macro.Laroux-5893719-0' strongly suggests malicious intent. The document body contains fields related to payment orders, indicating a potential financial scam or phishing lure.

Heuristics 3

ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1606 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.