Office (OLE) / .EXE malware analysis — malicious · f337bde513999c80

MALICIOUS

Office (OLE) / .EXE

38.5 KB Created: 1980-01-05 11:25:12 Authoring application: Microsoft Excel

MD5: d027f2ad5167df2b4cefdfee56b8b203 SHA-1: 29846db49c96a6b9552b747b9cbf062ec11635cc SHA-256: f337bde513999c804944bbc6acb1510153b50273ca9c1c0d6923a4adc26053fe

180 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1566.001 Spearphishing Attachment

The critical ClamAV detection of 'Xls.Trojan.Laroux-30' and the presence of a high-severity 'Auto_Open' VBA macro strongly indicate malicious intent. The macro is likely designed to download and execute a secondary payload, a common characteristic of the Laroux family. The file's metadata indicates it was authored by Microsoft Excel.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-30
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `459e60a776c04987ec42e6bda7006e68ed80aac5fc88d9ef1dc8087a60db7f6d`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	4260 bytes
Detection ClamAV: Xls.Trojan.Laroux-30 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.