Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 d7cb64c0272bf1af…

MALICIOUS

Office (OLE)

34.0 KB Created: 2008-04-14 02:30:32 Authoring application: Microsoft Excel
MD5: 854d1b4a6375f3110737a3d6e17bdb78 SHA-1: 17a4815af3fd1f5c8008112f13d8a7b5143ff818 SHA-256: d7cb64c0272bf1af13e789a1776644313be9fc3cdc38852df693f7f5e75856ba
140 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Laroux-32. Static analysis detected VBA macros, which are often used to deliver malicious payloads. The document body contains what appears to be a list of names and contact details, suggesting a social engineering or phishing lure.

Heuristics 3

  • ClamAV: Xls.Trojan.Laroux-32 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Trojan.Laroux-32
  • ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
bb1c719dd8f32fc77f23837915f5df4bfed19fd9b2018afcc9f50762c68ba321		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2067 bytes
Detection
ClamAV: Xls.Trojan.Laroux-32
Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.