Office (OLE) / .EXE malware analysis — malicious · bb4cc408f5898a2e

MALICIOUS

Office (OLE) / .EXE

19.5 KB Created: 2001-05-21 13:01:08 Authoring application: Microsoft Excel

MD5: 54d9bd00f2e811f03367a9d83a509a79 SHA-1: 26f33265ba972ed765888002e9c6f846e3a06931 SHA-256: bb4cc408f5898a2e97b5fb970d8ea101526f1d51cc01bc39a82c41ccb795d0d7

180 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical ClamAV detection of 'Xls.Trojan.Laroux-22' and the presence of an Auto_Open VBA macro strongly indicate malicious intent. The Auto_Open macro is designed to execute automatically when the document is opened, likely to download and execute a second-stage payload. The file's metadata indicates it is an OLE file created by Microsoft Excel.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-22 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-22
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `803f698c9a7f001a2348779f5a99405c4518e8d18ee3b4c9e88ef7a4b24c14e6`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	3864 bytes
Detection ClamAV: Xls.Trojan.Laroux-22 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.