Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 efe6581132d52861…

MALICIOUS

Office (OLE) / .XLS

138.0 KB Created: 2021-08-10 07:24:04
MD5: 98251d7e16a4b1e7738e758dd1cec790 SHA-1: ef103f7219d031f95f3288d43dbb8334c66d2f2c SHA-256: efe6581132d528611f1673583bb79ea93ff9b67623423d7761d9ab296022d81e
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV heuristic firing indicates the file is recognized as malware. The presence of VBA macros, as flagged by a medium heuristic, is confirmed by the extracted script. The VBA code appears to be obfuscated, but its structure suggests it is designed to download and execute a payload. The specific ClamAV detection name 'Win.Malware.Agent-9885251-0' is included as a primary IOC.

Heuristics 2

  • ClamAV: Win.Malware.Agent-9885251-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Malware.Agent-9885251-0
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
65c25caae13130bcee122e55b4c4f29b14124e14a03d32edce3754f4761106c3		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2018 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.