Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 9a490fe8aa0f34fb…

MALICIOUS

Office (OLE) / .XLS

Size: 152.0 KB
Created: 2010-03-12 05:41:20
Authoring application: Microsoft Excel
MD5: ac5cc2b770740f55195aa317da11d2df
SHA-1: bbdc97ad7537af32f1db2d6867cb543f8add3fd2
SHA-256: 9a490fe8aa0f34fba3fedd4966e3efa37acde3d0236afb8a6cc01fc880037154
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV heuristic and high-severity OLE_VBA_AUTO heuristic indicate the presence of a malicious Auto_Open VBA macro. This macro is likely responsible for executing the malicious payload. The document body contains a list of strings that may be used by the macro, but no specific URLs or executable commands were extracted.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (ef21a95e8103463135e9f03a5807171a2d74eaaca10c098a1a757a9dd5f72d9e) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1482 bytes