Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 d6e48dab7496c714…

MALICIOUS

Office (OLE) / .EXE

Size: 47.0 KB
Created: 2000-04-24 02:48:41
Authoring application: Microsoft Excel
MD5: b5cadcddd795c223cddb5f4d30011ba7
SHA-1: 88d12604c6955930a0db9165d2bd9518d260f956
SHA-256: d6e48dab7496c714ba41ae1d5834941a6359cf3e215b38108fe8c8fd12db6801
Risk Score: 180

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an OLE executable containing VBA macros, with a critical heuristic indicating an Auto_Open macro. This suggests the file is designed to execute malicious code automatically when opened in an application like Microsoft Excel. ClamAV detection further confirms its malicious nature. No specific family could be identified, and no external IOCs were extracted.

Heuristics (4)

  • ClamAV: Xls.Trojan.Tabej-2 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Trojan.Tabej-2
  • ClamAV detection on extracted artifact (critical, EXTRACTED_FILE_CLAMAV)
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Hash: ed1126ce499b6aaeca66c2ea2d438023024a17835f172ffdff16435196609d17
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1241 bytes
Detection: ClamAV: Xls.Trojan.Tabej-2
Obfuscation or payload: unlikely