Office (OLE) / .XLS malware analysis — malicious · db7f52163db8d3d7

MALICIOUS

Office (OLE) / .XLS

18.5 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 3bed5662305ac5c750b235093f82da70 SHA-1: bef07b0d6f629ad03c1248f79904cb4c52d439d8 SHA-256: db7f52163db8d3d7ef2665960e332d1f1fdbcef063f72e86983c99d4f93a32dd

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The critical ClamAV heuristic and high heuristic for an Auto_Open macro indicate malicious VBA code is present. The presence of an Auto_Open macro suggests the malware attempts to execute automatically when the document is opened, likely to download and execute a second-stage payload. The file is classified as malicious with high confidence.

Heuristics 3

ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `b35f884f1ab3c6e6c1dbe2d6db716dba0e1ebba6f7c888a0fd88da628484a892`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1912 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.