Office (OLE) / .XLS malware analysis — malicious · 1c073abcf9a28281

MALICIOUS

Office (OLE) / .XLS

534.0 KB Created: 2020-04-23 12:26:24 Authoring application: Microsoft Excel

MD5: 43e9d3ea20b6c0db24bdf989553292fc SHA-1: 45c404b0c4c0835df28feefeadf3d5ee8ad6fa4b SHA-256: 1c073abcf9a282817bf520491dcc623869c32bfa21f46efedd18a0e5cca5e4b8

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical ClamAV detection and the presence of an encrypted Excel 4.0 macro sheet strongly indicate a malicious dropper. The macro sheet likely contains code to download and execute a secondary payload, as suggested by the 'Dropper.Agent' naming convention. The encrypted nature of the macro sheet is a common obfuscation technique used by malware.

Heuristics 3

ClamAV: Xls.Dropper.Agent-8396035-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Agent-8396035-0
Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.