Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f6e999d0c9720f25…

MALICIOUS

Office (OLE)

Size: 23.5 KB
Created: 2009-03-31 10:50:27
Authoring application: Microsoft Excel
MD5: 937828c0a761ce260ae0d1a8ec8e828f
SHA-1: 6cb2622207a8ba1f2d8c35b4f8a1c63658cb2113
SHA-256: f6e999d0c9720f254d637bef458e6da05956ab6ba79de9096d2e2676ae4e3135
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Office document containing VBA macros, specifically an Auto_Open macro, which is a common technique for initial execution. ClamAV detection as Doc.Macro.Laroux-5893719-0 further confirms its malicious nature. The document body content is generic spreadsheet data and does not provide further clues on the specific lure.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • VBA macros detected | medium | 1 related finding | OLE_VBA_MACROS
    Document contains VBA macro code
  • Auto_Open macro | high | OLE_VBA_AUTO
    Auto_Open macro

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (ca590847096b3669ec12a4d0805613ab988f88c2ad6a348525f2a9f021510892) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1824 bytes