Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 fb42713cea74ad7a…

MALICIOUS

Office (OLE) / .XLS

70.5 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: cff12cf815ba1c9b5dcc65baafa52e38
SHA-1: 43ad6336b9d7868373ec53202122a1e6c3bfe4c9
SHA-256: fb42713cea74ad7a0d4579b86d6c213b25b1f8594019787da3f2152e436fd8fd
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1219 Remote Services

The critical ClamAV detection and high-severity heuristic for GetObject calls indicate malicious intent. The presence of 1818 bytes of VBA macros suggests the file is designed to execute code. The GetObject call is often used to launch external processes or download additional payloads, aligning with the detection of VBA macros.

Heuristics 3

  • ClamAV: Xls.Malware.Valyria-10012971-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.Valyria-10012971-0
  • GetObject call high OLE_VBA_GETOBJ
    GetObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          7fc331d29eb876e2bbb7d154afb25d455fc3cd47370b95a1181b63f2c24f4ce8
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1818 bytes