Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 fd8fb3e11d99a6d6…

MALICIOUS

Office (OLE) / .XLS

376.5 KB
MD5: 8bef6462eaf14f26e7bc698c0324f8c3
SHA-1: 4deefb742406355b63fe645378f4b76cca5c2af4
SHA-256: fd8fb3e11d99a6d6859132438636b7ee4b065c4d122fed6cf9ef09a8efb31949
160 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The file is an XLS document containing VBA macros. Heuristics indicate the presence of CreateObject and CallByName functions, commonly used in malicious macros to execute code. The ClamAV detection further confirms its malicious nature. The macros likely download and execute a second-stage payload, but no specific URLs or further details were extracted from the provided evidence.

Heuristics 4

  • ClamAV: Xls.Malware.Chartres-7641208-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.Chartres-7641208-0
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
  • CallByName call high OLE_VBA_CALLBYNAME
    CallByName call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
Hash: 8c6472b8c563cc168f35ec4fd70824264234077b046e2683cd092f26c55f3c2d
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 4970 bytes