Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 29695bd453515d95…

MALICIOUS

Office (OLE) / .XLS

File size: 230.5 KB
Created: 2020-09-23 01:02:53
Authoring application: Microsoft Excel
MD5: a61c2a2eb989765cbbc4356b5c641641
SHA-1: 80d32d33e1e5afb48bd3408eacb6e03d87ee3bcb
SHA-256: 29695bd453515d95cfbd52f324f25d1f2b301eeffe0238a53d1617bbe99a4e80
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel 4.0 macro sheet that is encrypted. This strongly suggests that it is designed to execute malicious code upon opening. The presence of an encrypted macro sheet is a common technique for delivering malware. No specific family could be identified due to the encryption.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high, rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.