Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 37e05f35b47467f8…

MALICIOUS

Office (OLE) / .XLS

812.5 KB
Created: 2000-02-19 07:01:22
Authoring application: Microsoft Excel
MD5: 04c0ed74ff20adf3c8bba915acfa3ab5
SHA-1: c2f50a9aee0fdff23e0989458c6f385e9f792c98
SHA-256: 37e05f35b47467f84177ab48a98b46ee5fd591b1bbbc916d2a07af71527f77f3
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' fired, which strongly suggests this Excel file contains a legacy macro virus. The 'Equation Editor OLE object' heuristic also fired, which further supports the likelihood of embedded malicious content. No specific IOCs such as URLs or hashes were extracted, but the file's structure and the heuristics that fired indicate malicious intent, likely to execute arbitrary code via the macro.

Heuristics (2)

  • Equation Editor OLE object [high] [CVE related] OLE_EQUATION_EDITOR
    Contains Equation Editor object — related to CVE-2017-11882 / CVE-2018-0802 exploitation, but CLSID presence alone is not the malformed MTEF exploit primitive.
  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.