Xls.Trojan.Hidemod-1 Office (OLE) malware analysis — malicious · ca2b9b0890579529

MALICIOUS

Office (OLE)

39.5 KB Created: 2004-09-13 01:56:56 Authoring application: Microsoft Excel

MD5: c476d4e41c23e5043dad0b3037f24d7e SHA-1: b30f9a38f112168ac747c059ba846f819136090c SHA-256: ca2b9b0890579529b029d7f50ab3c74d84192b3acbdf148b95abcbb17ed27682

160 Risk Score

Malware Insights

Xls.Trojan.Hidemod-1 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1547.001 Registry Run Keys / Startup Folder

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Hidemod-1. High-severity heuristics indicate the presence of VBA macros, specifically an Auto_Open macro, which is commonly used to execute malicious code immediately upon opening the document. The Auto_Close macro also fired, suggesting potential cleanup or secondary actions. The presence of these macros strongly suggests an initial compromise vector.

Heuristics 4

ClamAV: Xls.Trojan.Hidemod-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Hidemod-1
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
Auto_Close macro high OLE_VBA_AUTOCLOSE

Auto_Close macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `12e4b4f9cb277e476b0a6fd7c4b441d54e8418c35c602bda693544fb32c37975`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	7406 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.