Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 49003047ef915187…

MALICIOUS

Office (OLE) / .XLS

114.2 KB
MD5: e8dc10dd566bd9fe4055ce47aaa8e3e6
SHA-1: bf4707f98f7e63291c394c914be41c67d3817c91
SHA-256: 49003047ef915187481bc8158993a9ecba472c3aff1f8bb4251603181c4534b6
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The presence of Excel 4.0 macros (XLM) is strongly indicated by the OLE_XLM_AUTOOPEN heuristic. The OLE_SLACK_ANOMALY heuristic suggests that the file structure is unusual, potentially to hide malicious content. The document body is heavily corrupted and unreadable, providing no further context on the specific lure or payload. The primary attack vector appears to be the execution of embedded XLM macros.

Heuristics (2)

  • OLE_SLACK_ANOMALY (severity: high): OLE document has large unaccounted-for region
    OLE file is 116,939 bytes but its declared streams total only 0 bytes — 116,939 bytes (100%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
  • OLE_XLM_AUTOOPEN (severity: medium): Excel 4.0 (XLM) macro sheet present
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.