Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 e0d2792c2248bacd…

MALICIOUS

Office (OLE) / .XLS

15.0 KB
Created: 2010-02-24 00:25:22
Authoring application: Microsoft Excel
MD5: 0b9f2eefb8a12ff865bc3dfc4ca8cc17
SHA-1: 792ffc691f8d51231e68114c3f00c0dd289f1173
SHA-256: e0d2792c2248bacd1a6c2bb9598e7a28ad59ffc32482fcc0a2f61bf2fb500af5
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV detection and high-severity heuristic for an Auto_Open macro strongly indicate malicious intent. The presence of 1606 bytes of VBA macros, including an Auto_Open routine, suggests the file is designed to execute arbitrary code when opened. The specific ClamAV signature 'Doc.Macro.Laroux-5893719-0' points to a known macro-based malware family, though further analysis would be needed to confirm a specific family.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1606 bytes