Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a5553242208b59fb…

MALICIOUS

Office (OLE) / .XLS

15.5 KB Created: 2010-03-11 08:05:38 Authoring application: Microsoft Excel
MD5: 8179222f7f04df4fa88b6975020213c7 SHA-1: d8c9b3db54f7d63545c212901218ee7bdaa50079 SHA-256: a5553242208b59fbae241da5d12f2157c8c38ec9ba56e420b70a85169f713b09
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The presence of an Auto_Open macro in the VBA code strongly indicates malicious intent. This macro is automatically executed upon opening the spreadsheet, likely to initiate the execution of further malicious payloads. No specific family could be identified from the available heuristics.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
b1bab1a001cff2b07cf3fd5c19017039b061f42b3badf1c86fff0b88ff441034		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2133 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.