MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
The file is an Excel spreadsheet containing legacy Excel 4.0 (XLM) macros, indicated by the OLE_XLM_AUTOOPEN and OLE_XLS_FORMULA_MACRO_VIRUS heuristics. These macros are known to be used for malicious purposes, often involving financial lures or downloading further payloads. The presence of embedded URLs suggests an attempt to connect to external resources. While the VBA project itself contains no executable statements, the XLM macros are the primary concern.
Heuristics 4
-
Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUSWorkbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
-
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPENWorkbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
-
VBA project contains no executable statements low OLE_VBA_MACROSDocument contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.tcvg.hochiminhcity.gov.vn/bang_gia_vlxd/bang_gia_vlxd/quy12007/Congdoan
- http://www.tcvg.hochiminhcity.gov.vn/bang_gia_vlxd/bang_gia_vlxd/quy12007/Linh2003
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas506056c2f1c522a54e3617351fe325b9b22f9d95133fed24090ccd1f47ecc973 |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 11739 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.