Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 51992e99bdb01ac3…

MALICIOUS

Office (OLE)

Size: 353.5 KB
Created: 2020-07-21 07:21:33
Authoring application: Microsoft Excel
First seen: 2020-09-15
MD5: df69f1177e4060e320a75cb4b81ce571
SHA-1: 985d61a3faed88f1b4ffdd385cf01f07eeeac905
SHA-256: 51992e99bdb01ac31d678e320a27871dc49a3f68dd30dff222c3098d4d0e342e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as an Excel 4.0 macro sheet that is encrypted. This suggests the presence of hidden or obfuscated malicious logic designed to execute when the file is opened. The specific macro sheet marker and encryption point to a deliberate attempt to conceal its functionality, likely for malicious purposes.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high; ID: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium; ID: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.