Office (OLE) / .XLS malware analysis — malicious · d9c1d5af3966b922

MALICIOUS

Office (OLE) / .XLS

14.5 KB Created: 2010-05-06 21:34:18 Authoring application: Microsoft Excel

MD5: 683b504aa0f5dd1c3455e01f9f224911 SHA-1: d4ced6b3b30b6895c8a5f66315d351540a7676fe SHA-256: d9c1d5af3966b922860daf95e8f6bee85c372c7b2516c232df63d2a8944154cb

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel spreadsheet containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code automatically when the document is opened. ClamAV signature 'Doc.Macro.Laroux-5893719-0' further confirms its malicious nature. The macros are likely responsible for the malicious payload delivery.

Heuristics 3

ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1606 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.