Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 a33fbe351702cfb8…

MALICIOUS

Office (OLE) / .EXE

Size: 62.5 KB | Created: 2000-04-27 00:02:29 | Authoring application: Microsoft Excel
MD5: 2c297daeca759df6f95d4b957b96b217
SHA-1: d71a00f1f5943d6f478860db3e3d864229710a30
SHA-256: a33fbe351702cfb854bf8c715680650a174192478ad840cdabcb8e014db4336d
Risk Score: 140

Malware Insights

MITRE ATT&CK
  • T1059.005 Command and Scripting Interpreter: Visual Basic
  • T1204.002 User Execution: Malicious File

The file is identified as malicious by ClamAV with multiple detections (Xls.Trojan.Barisada-9 and Xls.Trojan.Barisada-2). Static analysis detected VBA macros, which are commonly used to download and execute secondary payloads. The document body presents itself as an Excel function tutorial, a common social engineering tactic to trick users into enabling macros. The presence of VBA macros strongly suggests an intent to execute malicious code.

Heuristics (3)

  • ClamAV: Xls.Trojan.Barisada-9 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Trojan.Barisada-9
  • ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
SHA-256: d65771a8e0f883805e2b8aade19dd84c54deea298c87a1026474c85e3942e243
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 9180 bytes
Detection: ClamAV: Xls.Trojan.Barisada-2
Obfuscation or payload: unlikely