Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 0494b125b6466f26…

MALICIOUS

Office (OLE)

Size: 920.5 KB
Created: 2020-07-07 10:47:28
Authoring application: Microsoft Excel
First seen: 2020-07-24
MD5: 9d1bdc2bca0b7414e62555f3d97e0348
SHA-1: c1374ec16dfcce49d2aab7783b050704075b8927
SHA-256: 0494b125b6466f26f83f3a63b8b89fa9c6bf5ed36e5fcc2bbd5edfa56e122f99
Risk Score: 120

Malware Insights

MITRE ATT&CK: T1059.005 (Command and Scripting Interpreter: Visual Basic)

The critical ClamAV heuristic and the presence of an encrypted Excel 4.0 macro sheet strongly indicate malicious intent. The macro sheet likely contains code to download and execute a secondary payload, as suggested by the 'Dropper' classification in the ClamAV detection name.

Heuristics (3)

  • ClamAV: Xls.Dropper.Agent-8797830-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.Agent-8797830-0
  • Encrypted Excel 4.0 macro sheet (severity: high, rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    The workbook contains an Excel 4.0 macro sheet and a BIFF FILEPASS record, i.e. it is encrypted. Password-protected XLM macro sheets, especially those opened transparently through Excel's built-in default password, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    The workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.