Office (OLE) / .XLS malware analysis — malicious · 1b761a682092f8be

MALICIOUS

Office (OLE) / .XLS

161.5 KB Created: 2006-09-16 00:00:00 Authoring application: Microsoft Excel

MD5: 1d97c6cb50c4107498e4f0e76f539f0c SHA-1: a4dc090837c76aed324bea19c9f62e2d47bb7bc8 SHA-256: 1b761a682092f8be6c7e9eef709be08a7105159a5e4ffb7722b0530fba308ba4

68 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is identified as an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The presence of an AUTOOPEN macro suggests it is designed to execute automatically upon opening. No document body or script content was available for further analysis, limiting the ability to determine the specific payload or delivery mechanism.

Heuristics 3

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
VBA project contains no executable statements low OLE_VBA_MACROS

Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `b80097a76f55105e4a4ae51dcef5f357104254b458ca665f85db45f3b5730777`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	362 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.