Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 daa52b42a4bb8a86…

MALICIOUS

Office (OLE) / .EXE

Size: 50.5 KB
Created: 1998-02-13 18:47:50
MD5: 9424d8d95293b42ae6f5b397a7656446
SHA-1: 9f50558b512e05fa66126ee28e2727771f96f27a
SHA-256: daa52b42a4bb8a8644855abaeb41b9491df2f8941465515788f665d1b48548ee
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The critical ClamAV detection of 'Xls.Trojan.Laroux-33' and the presence of a high-severity Auto_Open VBA macro strongly indicate malicious intent. The Auto_Open macro is designed to execute automatically when the document is opened, serving as a primary execution vector for malware. The file's metadata and the presence of VBA macros are consistent with macro-based malware delivery.

Heuristics 3

  • ClamAV: Xls.Trojan.Laroux-33 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Trojan.Laroux-33
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

  Filename: macros.bas
            605e7f0d8f391940c8f3f472f5e0b7d93f6a05f6df2efaf734defaa4a86ffbe7
  Kind:     vba-macro
  Source:   oletools.olevba.extract_macros (decoded VBA source)
  Size:     3552 bytes