Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 48eb94cc491f59b9…

MALICIOUS

Office (OLE)

298.0 KB Created: 2020-07-15 07:56:55 Authoring application: Microsoft Excel
MD5: 0983f5f90c2c6b305e27d357873c6552 SHA-1: 19e996fb068bad7cbfd1ff373f104a45f159b0f5 SHA-256: 48eb94cc491f59b951a2753961864dd0d6257d96e0ba0862a302399cd1e7dba4
120 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The critical ClamAV detection identifies this file as a known malicious Excel dropper, Xls.Dropper.Agent-8898926-0. The workbook combines an Excel 4.0 (XLM) macro sheet with BIFF FILEPASS encryption and carries an Auto_Open name, so its macro formulas are set to run as soon as the workbook is opened while the encryption hides them from static extraction. Together these findings point to a dropper that stages further malicious payloads once it runs.

Heuristics 3

  • ClamAV: Xls.Dropper.Agent-8898926-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.Agent-8898926-0
  • Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET
The Workbook stream contains an Excel 4.0 macro sheet and a BIFF FILEPASS record, which marks every following record body (apart from a few such as BOF) as encrypted with RC4 or XOR obfuscation; only the record headers stay in plaintext. Workbooks encrypted with Excel's default password, VelvetSweatshop, open without any password prompt, so this costs the attacker nothing in user interaction while static formula extraction fails until the stream has been decrypted. That combination is a common malware evasion pattern.
  • Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream (BOUNDSHEET sheet type 0x01) together with an Auto_Open defined name, so the sheet's formulas execute when the workbook is opened. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
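
As an added example (not part of this report and not the scanner's own code), the Python below performs the same triage the two OLE heuristics describe over a raw BIFF8 Workbook stream: it classifies a FILEPASS record, enumerates BOUNDSHEET records for sheet type 0x01 (Excel 4.0 macro sheet) and their hidden state, and looks for Auto_Open/Auto_Close defined names in Lbl records, matching both the built-in name ids and literal case-insensitive names. Record layouts follow MS-XLS. The two sample streams are constructed inline and are not derived from the analysed file; the helper names are this example's own. After a FILEPASS record the code deliberately refuses to interpret record bodies, which is exactly the gap the encrypted-macrosheet heuristic is about.

```python
import struct

# BIFF8 record ids (MS-XLS)
BOF = 0x0809
EOF = 0x000A
FILEPASS = 0x002F      # from here on, record bodies are encrypted
BOUNDSHEET = 0x0085    # one per sheet: stream position, state, type, name
LBL = 0x0018           # defined name record; Auto_Open lives here

SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro_sheet", 0x02: "chart", 0x06: "vba_module"}
SHEET_STATES = {0: "visible", 1: "hidden", 2: "very_hidden"}
# Built-in name ids used when Lbl.fBuiltin (grbit bit 0x0020) is set
BUILTIN_NAMES = {0x01: "Auto_Open", 0x02: "Auto_Close", 0x0A: "Auto_Activate", 0x0B: "Auto_Deactivate"}
TRIGGER_NAMES = {n.lower() for n in BUILTIN_NAMES.values()}
# BOF and FILEPASS bodies stay plaintext by spec; EOF has no body to decrypt
PLAINTEXT_AFTER_FILEPASS = {BOF, FILEPASS, EOF}


def iter_records(stream: bytes):
    """Yield (record_id, body) for each BIFF record; stop at a truncated one."""
    off = 0
    while off + 4 <= len(stream):
        rid, size = struct.unpack_from("<HH", stream, off)
        body = stream[off + 4:off + 4 + size]
        if len(body) != size:
            break
        yield rid, body
        off += 4 + size


def describe_filepass(body: bytes) -> str:
    """Classify a FILEPASS record: XOR obfuscation, RC4 standard or RC4 CryptoAPI."""
    (enc_type,) = struct.unpack_from("<H", body, 0)
    if enc_type == 0:
        return "xor_obfuscation"
    major, minor = struct.unpack_from("<HH", body, 2)
    if (major, minor) == (1, 1):
        return "rc4_standard"
    if minor == 2 and major in (2, 3, 4):
        return "rc4_cryptoapi"
    return f"unknown({major}.{minor})"


def parse_boundsheet(body: bytes) -> dict:
    _pos, state, dt, cch, flags = struct.unpack_from("<IBBBB", body, 0)
    raw = body[8:]
    name = raw[:cch * 2].decode("utf-16-le") if flags & 1 else raw[:cch].decode("latin-1")
    return {"name": name, "type": SHEET_TYPES.get(dt, f"unknown({dt:#04x})"),
            "state": SHEET_STATES.get(state, str(state))}


def parse_lbl(body: bytes) -> dict:
    grbit, _chkey, cch, _cce, _res, _itab = struct.unpack_from("<HBBHHH", body, 0)
    flags = body[14]          # bytes 10..13 are four reserved length fields
    raw = body[15:]
    if grbit & 0x0020:        # fBuiltin: the single "character" is a built-in name id
        name = BUILTIN_NAMES.get(raw[0], f"builtin_{raw[0]:#04x}")
    elif flags & 1:
        name = raw[:cch * 2].decode("utf-16-le")
    else:
        name = raw[:cch].decode("latin-1")
    return {"name": name, "hidden": bool(grbit & 0x0001)}


def analyze_workbook_stream(stream: bytes) -> dict:
    """Triage a Workbook stream for FILEPASS, XLM macro sheets and Auto_* names."""
    findings = {"encryption": None, "decrypt_first": False,
                "macro_sheets": [], "auto_names": [], "opaque_record_ids": []}
    encrypted = False
    for rid, body in iter_records(stream):
        if rid == FILEPASS:
            findings["encryption"] = describe_filepass(body)
            encrypted = True
        elif encrypted and rid not in PLAINTEXT_AFTER_FILEPASS:
            # Header is readable, body is ciphertext: record the id, do not parse it.
            findings["decrypt_first"] = True
            findings["opaque_record_ids"].append(rid)
        elif rid == BOUNDSHEET:
            sheet = parse_boundsheet(body)
            if sheet["type"] == "xlm_macro_sheet":
                findings["macro_sheets"].append(sheet)
        elif rid == LBL:
            lbl = parse_lbl(body)
            if lbl["name"].lower() in TRIGGER_NAMES:
                findings["auto_names"].append(lbl)
    return findings


# ---- constructed sample streams (illustrative, not from the analysed file) ----
def _rec(rid, body):
    return struct.pack("<HH", rid, len(body)) + body

def _boundsheet(name, dt, state=0):
    return _rec(BOUNDSHEET, struct.pack("<IBBBB", 0, state, dt, len(name), 0) + name.encode("latin-1"))

def _lbl_builtin(bid, hidden=False):
    grbit = 0x0020 | (0x0001 if hidden else 0)
    return _rec(LBL, struct.pack("<HBBHHH", grbit, 0, 1, 0, 0, 0) + b"\x00" * 4 + b"\x00" + bytes([bid]))

_BOF = _rec(BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0, 0, 0, 0))
# Unencrypted: a normal sheet, a very-hidden XLM sheet and a hidden Auto_Open name
SAMPLE_PLAINTEXT = (_BOF + _boundsheet("Sheet1", 0x00) + _boundsheet("Macro1", 0x01, state=2)
                    + _lbl_builtin(0x01, hidden=True) + _rec(EOF, b""))
# Same layout behind an RC4-standard FILEPASS; bodies are stand-in ciphertext of the right size
SAMPLE_ENCRYPTED = (_BOF + _rec(FILEPASS, struct.pack("<HHH", 1, 1, 1) + b"\x11" * 48)
                    + _rec(BOUNDSHEET, b"\xa5" * 14) + _rec(BOUNDSHEET, b"\xa5" * 14)
                    + _rec(LBL, b"\xa5" * 16) + _rec(EOF, b""))

if __name__ == "__main__":
    for label, s in (("plaintext", SAMPLE_PLAINTEXT), ("encrypted", SAMPLE_ENCRYPTED)):
        print(label, analyze_workbook_stream(s))
```

To run this against a real .xls, read the Workbook stream out of the OLE container (olefile's `OleFileIO(path).openstream("Workbook").read()`). When the result reports `decrypt_first`, decrypt the file first, for example with `msoffcrypto-tool in.xls out.xls -p VelvetSweatshop`, and rerun on the decrypted stream; only then are the BOUNDSHEET types and defined names trustworthy, and only then is formula extraction (olevba, oledump's BIFF plugin) worth attempting.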