Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 2167b2c435b6eaeb…

MALICIOUS

Office (OLE) / .XLS

Size: 1.85 MB
Created: 2006-07-08 07:47:51 (OLE SummaryInformation timestamp; attacker-controlled and easily forged, so not reliable evidence of when the file was actually built)
Authoring application: Microsoft Excel
MD5: 746d6925a2c629dd6aecd36de1dee94a
SHA-1: 3d6c50e0fb3804d3c4754a67d9e58f9155414846
SHA-256: 2167b2c435b6eaebbcd4c5ce335c89e6d5d13d575aa7b8f1905034793f61e0c6
Risk score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic
T1059.001 Command and Scripting Interpreter: PowerShell

The file is classified as an Excel 4.0 (XLM) macro-virus on the strength of two heuristic firings, OLE_XLM_AUTOOPEN and OLE_XLM_LEGACY_MACRO_VIRUS. An Auto_Open defined name bound to an Excel 4.0 macro sheet means the macro code runs as soon as the workbook is opened with macros enabled; no further user interaction is required. The document body carries generic social-engineering lures (promotions, news) but no instructions to the user, and static analysis did not recover the macro's payload, so the actions performed after execution are not detailed here; in particular, the T1059.001 (PowerShell) mapping is not backed by a recovered command in this report. The Excel 4.0 macro sheet marker at offset 0x1D1320 locates the executable macro content.

Heuristics (2)

  • OLE_XLM_AUTOOPEN (critical): Excel 4.0 (XLM) Auto_Open + macro sheet
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet, the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • OLE_XLM_LEGACY_MACRO_VIRUS (critical): legacy XLM macro-virus family marker
    Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.