Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 2cc2a4b762a2f994…

MALICIOUS

Office (OLE)

Size: 302.5 KB
Created: 2012-03-08 01:03:47
Authoring application: Microsoft Excel
First seen: 2015-09-24
MD5: 53ff01a9ce1086b3dd9896bd97c25180
SHA-1: 13951049f6e68f0bbf3b9eda839fff6e92606b14
SHA-256: 2cc2a4b762a2f9947282d4affd43f8e0af58ca5c45c1971f6acdf8a28357e467
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains legacy Excel 4.0 (XLM) macros, identified by critical- and medium-severity heuristic hits. These macros are designed to infect other workbooks, saving infected copies as 'Book1.xls', and are associated with the 'XF.Classic' Excel formula macro virus. Together, these indicators strongly suggest the file is intended to spread and potentially execute further malicious code.

Heuristics 2

  • Legacy Excel formula macro virus marker (severity: critical, ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, ID: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.