Office (OLE) / .XLSX malware analysis — malicious · aeacf0a4cdb9fbc9

MALICIOUS

Office (OLE) / .XLSX

1.62 MB Created: 2015-06-05 18:17:20 Authoring application: Microsoft Excel

MD5: 5e486f641fde57c800c880b0733a52a0 SHA-1: 875d47e8e0babaae9187bf6d32cb904e7ff94c87 SHA-256: aeacf0a4cdb9fbc923693186fd7b8e2eed6f9b94e65541497df4fbd8543c53a9

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The sample is an Excel file containing VBA macros. Heuristics indicate the presence of CreateObject and CallByName functions, commonly used in malicious macros. The document body explicitly instructs the user to enable macros, a social engineering tactic to bypass security. No specific family could be identified, but the techniques suggest a macro-based downloader.

Heuristics 4

CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
CallByName call high OLE_VBA_CALLBYNAME

CallByName call
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Macro/content-enable lure medium SE_ENABLE_LURE

Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `b467d81e99f59c0059f5aaf05cf5899a6171053d06319f771455ab0e8e14aa93`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	3218 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.