Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 0ba3b4a72f574836…

MALICIOUS

Office (OLE)

Size: 288.5 KB
Created: 2020-07-15 07:56:55
Authoring application: Microsoft Excel
MD5: 2df1af531f51dc81b43b17ad7ab8a119
SHA-1: 189054c4533ab7bf40339579f5d596b9a1d31c9c
SHA-256: 0ba3b4a72f574836f428b6f532b59c38e2ccac692b04bb93e5a19e2621656668
Risk score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic
T1566.001 Phishing: Spearphishing Attachment

The sample is identified as malicious by ClamAV with the signature Xls.Dropper.Agent-8884608-0. Static analysis found an Excel 4.0 (XLM) macro sheet inside a workbook protected with BIFF FILEPASS encryption, indicating that the file is designed to execute code when it is opened. The ClamAV dropper classification together with the hidden XLM macro sheet suggests the macro downloads and runs a secondary payload, a common dropper tactic; the workbook must be decrypted and its formulas extracted before the download URL or payload can be confirmed.

Heuristics 3

  • ClamAV: Xls.Dropper.Agent-8884608-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.Agent-8884608-0
  • Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and a BIFF FILEPASS record (the workbook stream is encrypted). Password-protected XLM macro sheets are a common evasion pattern, especially workbooks encrypted with Excel's built-in default password: Excel tries that password silently, so the victim sees no prompt, while static formula extraction fails on the ciphertext until the workbook is explicitly decrypted.
  • Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
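The two OLE_XLM heuristics above can be reproduced at the BIFF record layer. The following is an added example, not the report's or the scanner's own tooling: it walks a BIFF8 Workbook stream (2-byte record id, 2-byte little-endian length, payload), flags a FILEPASS record and its encryption type, and decodes BOUNDSHEET8 records to find macro sheets (sheet type 0x01) and their hidden state. It also handles the caveat from the FILEPASS heuristic: once a FILEPASS record has been seen, record headers and the lbPlyPos field of BOUNDSHEET8 stay in plaintext, but sheet types and names are ciphertext, so the example counts the sheets and reports that their types are unreadable until decryption. The two input streams are constructed inline; on a real file the stream would be read with olefile (assumed: `olefile.OleFileIO(path).openstream("Workbook").read()`).

```python
import struct

# Record ids and field codes from the MS-XLS specification.
REC_BOF, REC_EOF, REC_FILEPASS, REC_BOUNDSHEET8 = 0x0809, 0x000A, 0x002F, 0x0085
SHEET_TYPES = {0x00: "worksheet", 0x01: "macro sheet (XLM)", 0x02: "chart", 0x06: "VBA module"}
SHEET_STATES = {0: "visible", 1: "hidden", 2: "very hidden"}
ENCRYPTION_TYPES = {0: "XOR obfuscation", 1: "RC4"}


def iter_records(stream):
    """Yield (record_id, payload) pairs; BIFF record headers are never encrypted."""
    pos = 0
    while pos + 4 <= len(stream):
        rec_id, length = struct.unpack_from("<HH", stream, pos)
        pos += 4
        yield rec_id, stream[pos:pos + length]
        pos += length


def parse_boundsheet8(payload):
    """Decode a plaintext BOUNDSHEET8: lbPlyPos, hsState, dt, then a ShortXLUnicodeString name."""
    ply_pos, state, sheet_type, cch, flags = struct.unpack_from("<IBBBB", payload, 0)
    raw = payload[8:]
    # fHighByte (bit 0) selects UTF-16LE; otherwise the name is one byte per character.
    name = raw[:cch * 2].decode("utf-16-le") if flags & 1 else raw[:cch].decode("latin-1")
    return {"offset": ply_pos, "state": SHEET_STATES.get(state, "unknown"),
            "type": SHEET_TYPES.get(sheet_type, "unknown"), "name": name}


def triage_workbook_stream(stream):
    """Walk the Workbook Globals substream and collect FILEPASS / macro-sheet evidence."""
    result = {"filepass": False, "encryption": None, "boundsheets": 0, "sheets": [], "findings": []}
    for rec_id, payload in iter_records(stream):
        if rec_id == REC_FILEPASS:
            result["filepass"] = True
            result["encryption"] = ENCRYPTION_TYPES.get(struct.unpack_from("<H", payload)[0], "unknown")
        elif rec_id == REC_BOUNDSHEET8:
            result["boundsheets"] += 1
            # After FILEPASS only lbPlyPos is plaintext; hsState, dt and the name are ciphertext.
            if not result["filepass"]:
                result["sheets"].append(parse_boundsheet8(payload))
        elif rec_id == REC_EOF:
            break  # the first EOF closes the globals substream; sheet substreams follow it
    for sheet in result["sheets"]:
        if sheet["type"] == "macro sheet (XLM)":
            result["findings"].append(
                f"OLE_XLM_AUTOOPEN: XLM macro sheet '{sheet['name']}' ({sheet['state']})")
    if result["filepass"]:
        result["findings"].append(
            f"FILEPASS ({result['encryption']}): {result['boundsheets']} BoundSheet8 record(s) "
            "whose type/name are unreadable until the workbook is decrypted "
            "(try Excel's default password before treating formula extraction as complete)")
    return result


# --- Constructed sample streams (not taken from the analysed file) ---
def record(rec_id, payload):
    return struct.pack("<HH", rec_id, len(payload)) + payload


def boundsheet8(ply_pos, state, sheet_type, name):
    header = struct.pack("<IBBBB", ply_pos, state, sheet_type, len(name), 0)
    return record(REC_BOUNDSHEET8, header + name.encode("latin-1"))


BOF_GLOBALS = record(REC_BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0, 0, 0, 0))

# Plaintext workbook: one visible worksheet plus a hidden Excel 4.0 macro sheet.
PLAINTEXT_STREAM = (BOF_GLOBALS
                    + boundsheet8(0x200, 0, 0x00, "Sheet1")
                    + boundsheet8(0x400, 1, 0x01, "Macro1")
                    + record(REC_EOF, b""))

# RC4-protected workbook: FILEPASS (wEncryptionType=1, version 1.1, 48 bytes of salt/verifier
# stand-ins) followed by BoundSheet8 records whose bytes after lbPlyPos are stand-in ciphertext.
FILEPASS_RC4 = record(REC_FILEPASS, struct.pack("<HHH", 1, 1, 1) + bytes(range(48)))
CIPHERTEXT_STANDIN = bytes.fromhex("9a41c7e30b5d2f88a61c")
ENCRYPTED_STREAM = (BOF_GLOBALS + FILEPASS_RC4
                    + record(REC_BOUNDSHEET8, struct.pack("<I", 0x200) + CIPHERTEXT_STANDIN)
                    + record(REC_BOUNDSHEET8, struct.pack("<I", 0x400) + CIPHERTEXT_STANDIN)
                    + record(REC_EOF, b""))

if __name__ == "__main__":
    for label, stream in (("plaintext", PLAINTEXT_STREAM), ("encrypted", ENCRYPTED_STREAM)):
        print(label)
        for finding in triage_workbook_stream(stream)["findings"]:
            print("  " + finding)
```

The triage stops at the first EOF on purpose: the globals substream is where the sheet directory lives, and anything that follows is per-sheet data. On an encrypted workbook the output is deliberately a candidate finding rather than a confirmed macro sheet, which mirrors why the report's FILEPASS heuristic is rated separately from the plaintext macro-sheet heuristic.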