Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 a8bf9197e456b487…

MALICIOUS

Office (OLE) / .EXE

214.5 KB Created: 1998-06-17 09:32:53 Authoring application: Microsoft Excel
MD5: 09f09cc1564c10c01b79244557bc5483 SHA-1: 41d196675a239d5bdb1be605a1a759d589ce3b6e SHA-256: a8bf9197e456b487d027d75e83dd7c407ce67b50b21ee9005feeca1af4f17eda
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is identified as a malicious Excel document due to the presence of VBA macros. Specifically, an Auto_Open macro was detected, which is commonly used to execute malicious code upon opening the document. The macros themselves are 1830 bytes in size, suggesting a potentially complex payload. The document body contains only sheet names, offering no further clues to the lure.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
6b4eb3734e9d1968efef29d50a3391cb4f6cfc3ddab7042df493dfe3f19e1520		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1830 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.