Office (OLE) / .XLS malware analysis — malicious · c3a41d7cd364ff80

MALICIOUS

Office (OLE) / .XLS

20.0 KB Created: 2010-07-15 06:57:56 Authoring application: Microsoft Excel

MD5: 19be77c35cbfaf88c8be23bde75f5006 SHA-1: b212e8b49442ac86f80449cbf346af491aca1530 SHA-256: c3a41d7cd364ff8010810068608e8748756440bd6ea8b8761aa659bc9ea89f7b

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file containing a VBA macro, specifically an Auto_Open macro, which is a common technique for executing malicious code automatically when the document is opened. ClamAV identified it as Doc.Macro.Laroux-5893719-0. No specific IOCs like URLs or hashes were extracted from the macro itself, but the presence of the Auto_Open macro strongly indicates an intent to execute arbitrary code.

Heuristics 3

ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `7d4447b37f23819da011f85f6d26d6d1c39aa73aa70e9ca2b96e04032d7ef66e`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	2823 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.