Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 9c06b99f8150d692…

MALICIOUS

Office (OLE) / .XLS

44.5 KB Created: 2008-04-14 02:30:32 Authoring application: Microsoft Excel
MD5: 15dc61498ee0e7e05c3948700f24d257 SHA-1: 8423361acd17b2f53577e6172ad310d85f5c2075 SHA-256: 9c06b99f8150d692482255d8c3f31a07c324247366e139598d390a600170cfb5
140 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is an XLS document containing VBA macros, identified by ClamAV as Xls.Trojan.Laroux-32. The document body contains what appears to be a list of names, titles, and contact information, suggesting a social engineering lure. No specific script content was provided for detailed analysis, limiting the ability to determine the exact payload delivery or persistence mechanisms.

Heuristics 3

  • ClamAV: Xls.Trojan.Laroux-32 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Trojan.Laroux-32
  • ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
bb1c719dd8f32fc77f23837915f5df4bfed19fd9b2018afcc9f50762c68ba321		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2067 bytes
Detection
ClamAV: Xls.Trojan.Laroux-32
Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.