Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a6116f8a97452d77…

MALICIOUS

Office (OLE) / .XLS

Size: 29.5 KB
Created: 2010-03-18 14:41:50
Authoring application: Microsoft Excel
MD5: d979a8296faba674a24f88b0395bf6f9
SHA-1: 501605e81eca4eee9e902906a35238f0f7cd8de8
SHA-256: a6116f8a97452d77739215b6dde81bc34ddc97b0b20c5da7f3c14ba304010dc9
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical-severity ClamAV detection and the high-severity heuristic for an Auto_Open macro indicate malicious intent. The file contains 1482 bytes of VBA macro code, including an Auto_Open macro, which suggests it is designed to execute code automatically when opened in Microsoft Excel. The specific ClamAV signature 'Doc.Macro.Laroux-5893719-0' further supports this assessment.

Heuristics (3)

  • ClamAV: Doc.Macro.Laroux-5893719-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas (ef21a95e8103463135e9f03a5807171a2d74eaaca10c098a1a757a9dd5f72d9e)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1482 bytes