Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 53611821d03e3086…

MALICIOUS

Office (OLE) / .XLS

Size: 189.5 KB
Created: 2021-02-23 19:30:17
Authoring application: Microsoft Excel
MD5: 80725143217afe4526200deab8e1d41f
SHA-1: f02d4523506a3f84cd7991426316afc41052ce66
SHA-256: 53611821d03e3086179c3b27bf526b17091f13e9e061830aa03484c019adc906
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is an Excel 4.0 macro sheet, identified as encrypted and containing an auto-open macro, which suggests it is designed to execute automatically when the workbook is opened. The encrypted macro sheet together with the auto-open heuristic strongly indicates malicious intent, likely to download and execute a secondary payload.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high, rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.