MALICIOUS
82
Risk Score
Heuristics 3
-
Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUSWorkbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
-
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPENWorkbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
-
VBA project contains no executable statements info OLE_VBA_MACROSDocument contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 389 bytes |
SHA-256: e5850c642f81ead8cb4d8eb42fbba65b5c87536f65a43cf8e4f3e60346100fd9 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "SecSignControl1, 287, 0, NTKOSecSignControlLIB, SecSignControl"
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.