Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 4c790938348b6e3e…

MALICIOUS

Office (OLE)

19.0 KB Created: 1998-12-14 07:47:39 Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: d62f53ab6580c41c7369399c7d5f8d10 SHA-1: f1f87a9c20a30866f0000be256bf3dbdcd0f3cfa SHA-256: 4c790938348b6e3e5a546d3f5dfac470b3cfc1a080ad964ab777157873af6ca8
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1203 Exploitation for Client Execution

The critical ClamAV heuristic and the presence of Excel 4.0 macros (OLE_XLM_AUTOOPEN) strongly indicate malicious intent. The macro sheet contains instructions to convert text to formulas and execute them, a common technique for downloading and running additional malware. The extracted filenames 'xl5glry.xls' and its path suggest potential dropped or related malicious files.

Heuristics 2

  • ClamAV: Win.Trojan.Crazy-2 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Crazy-2
  • Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.