Office (OLE) / .XLS malware analysis — malicious · 51ed1eed32cedc22

MALICIOUS

Office (OLE) / .XLS

59.5 KB Created: 2025-07-24 14:15:05 Authoring application: WPS Spreadsheetsࠄ

MD5: c6b00e5c248b4a1bcd44b0c4b78a455b SHA-1: b010da30e2d139e57a93f2e2bfe800dfa4d7b9ce SHA-256: 51ed1eed32cedc22d991114ef34dd5c3aac3cb971b75b94295f8a909d5be2d7d

160 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.005 Visual Basic

This XLS file contains VBA macros, including an Auto_Open macro, which is a common technique for executing malicious code when the document is opened. The ClamAV detection 'Xls.Malware.ExcelSic-10004731-1' further confirms its malicious nature. The document body content is unrelated to the malicious functionality.

Heuristics 4

ClamAV: Xls.Malware.ExcelSic-10004731-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Malware.ExcelSic-10004731-1
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
Auto_Close macro high OLE_VBA_AUTOCLOSE

Auto_Close macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `d49b3eed57ea333340314eacd5bf3454f6a2ba3085f3bfa723034dd1a2d97cfb`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1510 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.