Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 f941ef161308d4b4…

MALICIOUS

Office (OLE) / .XLS

37.0 KB
Created: 2010-07-14 07:40:00
Authoring application: Microsoft Excel
MD5: 7062bed294009fdb78c640bf9bcd4de9
SHA-1: aca83d181be4a6e80a3ce5d122b0f1f58a294a1c
SHA-256: f941ef161308d4b42584ec3477b2e5d860e225b3f8f73853c1fc890c8241a8ff
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is an XLS document with VBA macros, specifically an Auto_Open macro, which is a common delivery mechanism for malicious content. ClamAV detected it as Doc.Macro.Laroux-5893719-0. The document body contains a list of names under the heading 'StartUp, 注塑厂名单', suggesting a social engineering lure to encourage macro execution. No scripts were extracted, and the specific payload is not detailed in the provided evidence.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
  ef21a95e8103463135e9f03a5807171a2d74eaaca10c098a1a757a9dd5f72d9e
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1482 bytes