Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 c94c483aebbc94ff…

MALICIOUS

Office (OLE) / .XLS

Size: 53.5 KB
Created: 2010-08-09 00:56:21
Authoring application: Microsoft Excel
MD5: 32402c2529bc74eace8c7d07eaf07b04
SHA-1: df69760785da3f7bc885114b44e0a932adc76089
SHA-256: c94c483aebbc94ff0f7f9193a2b4fe03f8c0e1661e6a05a0fe7b70c548e73823
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.002 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature 'Doc.Macro.Laroux-5893719-0'. Static analysis detected VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening the document. The document body contains what appears to be manufacturing and quality control metrics, likely a lure to disguise the malicious nature of the spreadsheet.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (9e8ce1401c4739b83f9e6a6842670f92d64e220d4214f18d0db5f915102b51a3)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1176 bytes