Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 f029170b6aa82ddf…

MALICIOUS

Office (OLE) / .XLS

Size: 43.5 KB
Created: 2020-11-17 08:47:11
Authoring application: Microsoft Excel
MD5: 3f556de60ea9e7477ab8d08a74fe5eee
SHA-1: 9318e2f2d0ee843f1bc78df5fb8e0a4892e61af8
SHA-256: f029170b6aa82ddf5a5ddcf7215baf22eeb054aa3a6bc96b54456b8a7de60d90
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical ClamAV heuristic and the presence of VBA macros strongly indicate malicious intent. The macros likely facilitate the download and execution of additional malware, as suggested by the 'EMBEDDED_URL' heuristic. The document body content is heavily obfuscated and does not provide clear user-facing lures.

Heuristics (2)

  • ClamAV: Xls.Malware.Mrhl-9774585-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Malware.Mrhl-9774585-0
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    Hash: dbb4ed55ff9c6bd41b93783080ee964da95cb8b4dab09d7540fb934993112609
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 1299 bytes