Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 db52ab3fd5c12550…

MALICIOUS

Office (OLE) / .XLS

Size: 2.69 MB
Created: 2006-12-26 20:07:17
Authoring application: Microsoft Excel
MD5: 325a02532d93ce17a3976954326352b3
SHA-1: 32c8c4e32122f37fb804a0d25c966d503da16f5d
SHA-256: db52ab3fd5c12550d8b9b33fa35aa6d1811b29a72df1a056f873c7ef2ece522a
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.002 Spearphishing with Other

The file is an Excel spreadsheet identified as malicious due to the presence of VBA macros. A Workbook_Open macro was detected, which is a common technique for executing malicious code upon opening the document. The 'macros.bas' file was extracted and exhibits VBA Chr string obfuscation, indicating an attempt to hide malicious functionality. The document body contains what appears to be order processing data, likely a lure to disguise the malicious nature of the spreadsheet.

Heuristics 3

  • Workbook_Open macro (severity: high, rule: OLE_VBA_WBOPEN)
    Workbook_Open macro
  • Suspicious extracted artifact (severity: high, rule: EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (7d4aaae9daa8c68046034cffa87677f4c775a000ab2b2369b4a8499490a29471)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 59076 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 21 Chr/ChrW string-construction calls.