Xls.Trojan.Flyaway-2 — Office (OLE) / .XLSX malware analysis

Static analysis result for SHA-256 f0cf5cf9ed206d60…

MALICIOUS

Office (OLE) / .XLSX

Size: 19.0 KB
Created: 1998-04-16 18:08:40
Authoring application: Microsoft Excel
MD5: b3291e82a9c129f98c6e2a4ad87ecdcd
SHA-1: ad2ae74d990ea8e40effd936946f839ee274391d
SHA-256: f0cf5cf9ed206d6063e1d8484f9334a4169cec16ab1f5b30925c16532fc02733
Risk Score: 80

Malware Insights

Xls.Trojan.Flyaway-2 · confidence 85%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Flyaway-2. The embedded VBA macro attempts to copy itself to any other open workbooks, suggesting a propagation or infection mechanism. The macro code is obfuscated with non-standard variable names and lacks clear indicators of a download or execution routine, but the self-replication behavior is evident.

Heuristics (2)

  • ClamAV: Xls.Trojan.Flyaway-2 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Trojan.Flyaway-2
  • VBA macros detected [medium, OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas (392fb86e99f2e79b7201b00c18b74bfcf47fae76e7c74e354bbec628203b7bcc)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1616 bytes