Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 063ebd1c338484e3…

MALICIOUS

Office (OLE) / .XLS

Size: 691.5 KB
Created: 2003-07-13 10:04:24
Authoring application: Microsoft Excel
MD5: 9b8ec73512177ed9be18074e3f912cb4
SHA-1: 0125c93f3b318e3b0c50e2d3b019a221f3f2f109
SHA-256: 063ebd1c338484e30fa0b1dbf634849adb873657feccd728e9503706262f64ca
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Excel Formula Macro Virus (XF.Classic) due to the presence of XLM macros. The document body indicates it is an 'Antivirus Bait file' and mentions infecting other workbooks, saving them as 'Book1.xls', and potentially delivering a payload described as 'Hydrocodone/APAP 10-650 For Your Computer'. The extracted filenames and paths suggest its intended propagation mechanism.

Heuristics (2)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.