Office (OLE) / .XLS malware analysis — malicious · fd4df84a74150065

MALICIOUS

Office (OLE) / .XLS

13.0 KB Created: 2010-07-13 09:05:15 Authoring application: Microsoft Excel

MD5: ddc2236c3ebd0994617b4e497dd32c10 SHA-1: fa9045001d9af49252e17c8a8a7ba23eec2aa49c SHA-256: fd4df84a741500656b9630a1d5eeff098201300d58800a055821efbf194d6448

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file containing a VBA macro, specifically an Auto_Open macro, which is a common technique for initial execution. ClamAV detection as 'Doc.Macro.Laroux-5893719-0' further confirms its malicious nature. The macro's purpose is to execute arbitrary code upon opening the document.

Heuristics 3

ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1606 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.