Office (OLE) / .XLS malware analysis — malicious · 132b94aaf67226bb

MALICIOUS

Office (OLE) / .XLS

218.0 KB Created: 2020-09-24 19:32:47 Authoring application: Microsoft Excel

MD5: fbba238f65bfb58025a61259c0adce62 SHA-1: c24e9ee8ca7b0df99b9cd95208065ec74a6dc7bd SHA-256: 132b94aaf67226bbc2757f0057bef8f5d7bf746b473ce26262a15003acbb9f52

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel 4.0 macro sheet, identified as encrypted and containing an auto-open macro. This suggests the file is designed to automatically execute malicious code upon opening. The specific nature of the payload is not discernible from the provided evidence, but the presence of an encrypted macro sheet indicates a deliberate attempt to obfuscate malicious activity.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.