Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a2eb5dc0331b5f00…

MALICIOUS

Office (OLE)

14.0 KB Created: 2009-11-11 08:59:00 Authoring application: Microsoft Excel
MD5: 9a2dc219f00a1608269f2eda230684ad SHA-1: 24cdd4ab3e0d43affd53d19b52ff7903269e6d0f SHA-256: a2eb5dc0331b5f008a593ab0954005afd3b9d12c47df4be4dae0e01b4ea92bbf
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel document containing a VBA macro, specifically an Auto_Open macro, which is designed to execute automatically when the document is opened. ClamAV identified this as Doc.Macro.Laroux-5893719-0. The macro source is 1606 bytes, indicating a potentially complex malicious payload. No specific IOCs were extracted beyond the presence of the macro itself.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1606 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.