Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 457f24c47559178f…

MALICIOUS

Office (OLE) / .XLS

Size: 988.0 KB
Created: 2010-03-31 09:22:49
Authoring application: Microsoft Excel
MD5: 5d528a7e4c5e6a489cfeab02269d377e
SHA-1: e468192951429156d838d266de5173d9737380fb
SHA-256: 457f24c47559178fe3f7337579e47933f91e0665613b305a012cb9faa07b27da
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic
T1204.002 User Execution: Malicious File

The sample is an Excel 4.0 (XLM) macro-enabled spreadsheet in the legacy OLE (.xls) container. Static heuristics flag legacy XLM macro-virus markers ('XL4Poppy') together with an Auto_Open defined name, the shape that runs macro code as soon as the workbook is opened (subject to the macro security prompt). The RUN call found on the macro sheet transfers control to another macro; it is notable because the chain it starts can reach EXEC, CALL or REGISTER, which run external commands or load external code, matching the initial-access pattern mapped above. Static heuristics establish the auto-execution shape, not what the macro actually does: extract and step through the macro sheet (for example with olevba or XLMMacroDeobfuscator) before treating any command line or payload as confirmed.

Heuristics (2)

  • Excel 4.0 (XLM) Auto_Open + macro sheet [critical] OLE_XLM_AUTOOPEN
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet: the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • Legacy XLM macro-virus family marker [critical] OLE_XLM_LEGACY_MACRO_VIRUS
    Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.
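As an added illustration (not part of this report's tooling), the following Python scans a BIFF8 Workbook stream for exactly the shape both heuristics above describe: BOUNDSHEET records whose type byte marks an Excel 4.0 macro sheet, and Lbl (defined name) records that carry the built-in Auto_Open / Auto_Close code or a literal name starting with those prefixes, together with the hidden flags malware typically sets. The sample records are constructed inline; on a real .xls you would feed it the bytes of the 'Workbook' stream (for example `olefile.OleFileIO(path).openstream('Workbook').read()`). Record layouts follow MS-XLS; the function and constant names are this example's own.

```python
import struct

# BIFF8 record ids used by this scanner (MS-XLS, section 2.4)
REC_BOF = 0x0809
REC_EOF = 0x000A
REC_BOUNDSHEET = 0x0085   # BoundSheet8: one per sheet; dt byte says worksheet/macro/chart/VBA
REC_LBL = 0x0018          # Lbl: a defined name; built-in names are stored as a 1-byte code

SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro", 0x02: "chart", 0x06: "vba_module"}
HIDDEN_STATES = {0: "visible", 1: "hidden", 2: "very_hidden"}
BUILTIN_NAMES = {0x01: "Auto_Open", 0x02: "Auto_Close",
                 0x0A: "Auto_Activate", 0x0B: "Auto_Deactivate"}
AUTO_PREFIXES = ("auto_open", "auto_close")


def iter_records(data: bytes):
    """Yield (record_id, payload) for every BIFF record: 2-byte id, 2-byte length, data."""
    pos = 0
    while pos + 4 <= len(data):
        rec_id, length = struct.unpack_from("<HH", data, pos)
        pos += 4
        yield rec_id, data[pos:pos + length]
        pos += length


def _xl_string(payload: bytes, pos: int, cch: int) -> str:
    """Decode an XLUnicodeStringNoCch: 1 flag byte (bit0 = UTF-16), then cch characters."""
    high_byte = payload[pos] & 0x01
    pos += 1
    if high_byte:
        return payload[pos:pos + 2 * cch].decode("utf-16-le", "replace")
    return payload[pos:pos + cch].decode("latin-1")


def parse_boundsheet(payload: bytes) -> dict:
    # lbPlyPos(4) | hsState (low 2 bits of byte 4) | dt (byte 5) | cch (byte 6) | stName
    hs_state = payload[4] & 0x03
    sheet_type = payload[5]
    return {"name": _xl_string(payload, 7, payload[6]),
            "type": SHEET_TYPES.get(sheet_type, f"unknown_{sheet_type:#x}"),
            "state": HIDDEN_STATES.get(hs_state, "reserved")}


def parse_lbl(payload: bytes) -> dict:
    # flags(2) chKey(1) cch(1) cce(2) reserved(2) itab(2) reserved(4) | Name | rgce formula
    flags, _ch_key, cch, _cce, _res, itab = struct.unpack_from("<HBBHHH", payload, 0)
    f_hidden = bool(flags & 0x0001)    # hidden names do not show in the Name Manager
    f_builtin = bool(flags & 0x0020)
    if f_builtin:
        code = payload[15]             # byte 14 is the string flag byte, byte 15 the code
        name = BUILTIN_NAMES.get(code, f"builtin_{code:#04x}")
    else:
        name = _xl_string(payload, 14, cch)
    return {"name": name, "builtin": f_builtin, "hidden": f_hidden, "itab": itab}


def scan_workbook_stream(data: bytes) -> dict:
    """Collect sheets and defined names, then flag the XLM auto-execution shape."""
    sheets, names = [], []
    for rec_id, payload in iter_records(data):
        if rec_id == REC_BOUNDSHEET:
            sheets.append(parse_boundsheet(payload))
        elif rec_id == REC_LBL:
            names.append(parse_lbl(payload))
    macro_sheets = [s for s in sheets if s["type"] == "xlm_macro"]
    auto_names = [n for n in names if n["name"].lower().startswith(AUTO_PREFIXES)]
    return {"sheets": sheets, "names": names,
            "macro_sheets": macro_sheets, "auto_names": auto_names,
            # The heuristic: an Auto_Open/Auto_Close name AND at least one Excel 4.0 macro sheet
            "xlm_autoopen": bool(macro_sheets) and bool(auto_names)}


# --- constructed sample streams (not taken from the analysed file) ---
def _rec(rec_id: int, payload: bytes) -> bytes:
    return struct.pack("<HH", rec_id, len(payload)) + payload


def _boundsheet(name: str, sheet_type: int, state: int) -> bytes:
    raw = name.encode("latin-1")
    return _rec(REC_BOUNDSHEET,
                struct.pack("<IBB", 0, state, sheet_type) + bytes([len(raw), 0x00]) + raw)


def _lbl(builtin_code=None, name=None, itab=0, hidden=False) -> bytes:
    flags = (0x0001 if hidden else 0) | (0x0020 if builtin_code is not None else 0)
    if builtin_code is not None:
        name_bytes, cch = bytes([0x00, builtin_code]), 1
    else:
        raw = name.encode("latin-1")
        name_bytes, cch = b"\x00" + raw, len(raw)
    hdr = struct.pack("<HBBHHH", flags, 0, cch, 0, 0, itab) + b"\x00" * 4
    return _rec(REC_LBL, hdr + name_bytes)   # rgce omitted: detection ignores the formula


_BOF = _rec(REC_BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0x0DBB, 0x07CC, 0, 0))

# Malicious shape: a very-hidden Excel 4.0 macro sheet plus a hidden built-in Auto_Open name
SAMPLE_WORKBOOK = (_BOF + _boundsheet("Sheet1", 0x00, 0) + _boundsheet("Macro1", 0x01, 2)
                   + _lbl(builtin_code=0x01, itab=2, hidden=True) + _rec(REC_EOF, b""))

# Benign shape: one worksheet and an ordinary user-defined name, no macro sheet
BENIGN_WORKBOOK = (_BOF + _boundsheet("Sheet1", 0x00, 0)
                   + _lbl(name="SalesTotal", itab=1) + _rec(REC_EOF, b""))

if __name__ == "__main__":
    for label, stream in (("sample", SAMPLE_WORKBOOK), ("benign", BENIGN_WORKBOOK)):
        result = scan_workbook_stream(stream)
        print(label, "xlm_autoopen =", result["xlm_autoopen"],
              "macro_sheets =", result["macro_sheets"], "auto_names =", result["auto_names"])
```

The scanner reports only the structural shape (macro sheet present, auto-exec name present, both hidden or not); it deliberately does not decode the rgce formula bytes, so a hit still needs the macro sheet extracted and read to learn what RUN, EXEC or CALL chains actually do. Literal names such as "auto_open1" also match because Excel accepts any name beginning with Auto_Open as an auto-exec entry point.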