Malicious Office (OLE) / .XLSX — malware analysis report

Static analysis result for SHA-256 f1abf54ecdb9fc26…

MALICIOUS

Office (OLE) / .XLSX

20.0 KB
Created: 1999-01-24 21:25:59
Authoring application: Microsoft Excel
MD5: 2a3e0f7c1e7524d09f25a2dc452e62d0
SHA-1: 637641768611e636f1f899282b119527968e36bf
SHA-256: f1abf54ecdb9fc26ded9c02f70ee2faad5384af16adb705a45fce376db91bbd0
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File

The file contains VBA macros, as indicated by the OLE_VBA_MACROS heuristic. The critical ClamAV detection and the high-severity OLE_VBA_GETOBJ heuristic further confirm its malicious nature. The VBA script appears to be designed to download and execute a second-stage payload, although the specific download URL and execution method are obfuscated within the script. The copyright notice suggests a potential origin or naming convention.

Heuristics 3

  • ClamAV: Doc.Trojan.18th-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Trojan.18th-1
  • GetObject call high OLE_VBA_GETOBJ
    GetObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
e6350ffad01c3b438eec7f6d4253df63442d16b54869592e071dd25daac0e1ab
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1890 bytes