Office (OLE) / .XLS malware analysis — malicious · e86a94728284bb08

MALICIOUS

Office (OLE) / .XLS

700.0 KB Created: 2003-10-10 19:00:57 Authoring application: Microsoft Excel

MD5: d3077723c585207b8a111ab166526ec9 SHA-1: 32fd31da01492c4ae29960cf2f0a041de83e5070 SHA-256: e86a94728284bb087a6af5b2b08ad044f485bcbdf9f1398e10fe460690131881

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1566.001 Spearphishing Attachment

The file is an Excel spreadsheet containing VBA macros, specifically triggering on Workbook_Open and Auto_Open events, indicating an attempt to automatically execute malicious code upon opening. The document body text is formatted to appear as a legitimate business or system maintenance guide, likely to deceive the user into enabling macros. The presence of embedded URLs suggests a potential download or redirection mechanism. No specific malware family could be identified, but the macro-based execution and embedded URLs are common for initial access and payload delivery.

Heuristics 4

Workbook_Open macro high OLE_VBA_WBOPEN

Workbook_Open macro
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.gamani.com).�
- http://www.tudosobrexcel.hpg.com.br

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `142fd9183dcbe42502f73dfc0c32949d2921597efd8d37250c732089ba73446b`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	218146 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.