Office (OLE) / .XLS malware analysis — malicious · 476cf8c09a0cd1cf

MALICIOUS

Office (OLE) / .XLS

52.5 KB Created: 2020-05-06 05:38:26 Authoring application: Microsoft Excel

MD5: 76f01ba5ba9c4c853372355edb9792f0 SHA-1: 66c1b055d77333fe77637fa70ffbcd8e5de0607e SHA-256: 476cf8c09a0cd1cfe759430ab40fdedc652833ca2d54de78c5449ea50ebabe7c

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The presence of an auto-open macro (OLE_XLM_AUTOOPEN) suggests it is designed to execute automatically upon opening. The document body is heavily obfuscated and unreadable, preventing further analysis of its specific lure or payload delivery mechanism. Therefore, the exact attack pattern and family remain unclear, but the structure points to a macro-based malicious document.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.