Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b62983a41d365dd2…

MALICIOUS

Office (OLE)

21.0 KB Created: 2010-07-02 06:40:56
MD5: b2ca65ddc650875087906df482b94907 SHA-1: 008e30db06c7765402ce37093b25b282a24654c7 SHA-256: b62983a41d365dd220a502312f9c143dd8d2e23fa7755fff148e4fa25d34087d
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Office document containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening. The ClamAV detection 'Doc.Macro.Laroux-5893719-0' strongly indicates malicious intent. While the document body contains what appears to be order or customer data, it does not provide direct clues to the macro's specific function. No scripts were extracted, and the macro source itself was not detailed enough to reconstruct specific actions.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1606 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.