Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 f8d06c20dc2af83a…

MALICIOUS

Office (OLE) / .XLS

Size: 70.5 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: df41fbe24e3411bb8bcf2b2ed60b84ca
SHA-1: 81cadbe66ad8d6d46a5629047f59045cca38aabf
SHA-256: f8d06c20dc2af83af29551f384bbde4e5380911d8db0f9e56ca549bb5995d413
120 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1219 Remote Access Software

The critical ClamAV heuristic identifies this file as Xls.Malware.Valyria-10012971-0, indicating a known malicious Excel variant. The presence of VBA macros and a high-severity heuristic for GetObject calls strongly suggests the macros are intended to execute malicious code, likely by leveraging Windows Script Host or similar mechanisms to download and run a second-stage payload. The specific family could not be determined from the available heuristics.

Heuristics 3

  • ClamAV: Xls.Malware.Valyria-10012971-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.Valyria-10012971-0
  • GetObject call high OLE_VBA_GETOBJ
    GetObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (b9928d3af8219b1495e4f8ad8b55f03f0b69edb0d832616a35fa2fb26b1945a2)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1818 bytes