Barisada — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 c53c9a95db0fa4c7…

MALICIOUS

Office (OLE) / .XLS

36.5 KB Created: 2001-05-10 22:22:03 Authoring application: Microsoft Excel
MD5: 18a875eda53e4286282013df4ab1142e SHA-1: f7e4ce9790b29beb43e05d04a7a1198cf4a86762 SHA-256: c53c9a95db0fa4c7e3d1ff17bf19cfe89dc84fcd17ba613801f204c66910787a
80 Risk Score

Malware Insights

Barisada · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros, detected by ClamAV as Xls.Trojan.Barisada-8. The document body displays a fake infection warning, a common social engineering tactic to trick users into enabling macros. The presence of VBA macros suggests the intent is to execute malicious code, likely to download and execute a secondary payload.

Heuristics 2

  • ClamAV: Xls.Trojan.Barisada-8 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Trojan.Barisada-8
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
31fa650da46a86b3ea07d13bb6d3e04f5eea1e201951ea39d701dc6f15a8cd5d		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 6234 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.