Malware Insights
This XLS file contains both Excel 4.0 macros and VBA macros, with a critical ClamAV detection indicating it is malicious. The presence of VBA macros, including API declarations for interacting with the Windows API (e.g., WritePrivateProfileString, GetWindowsDirectory), suggests the potential for system modification or payload execution. The XLM macros also indicate macro-based execution. While no specific URLs or executable payloads were directly extracted, the combination of macro types and the critical detection strongly suggests downloader or dropper functionality, aiming to fetch and execute further malicious content.
Heuristics 3
- ClamAV: Xls.Malware.Generic-6680536-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Xls.Malware.Generic-6680536-0
- Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN: Workbook contains an Excel 4.0 macro sheet sub-stream; XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
- VBA macros detected [medium] OLE_VBA_MACROS: Document contains VBA macro code
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| xlm_macros.txt c4a283288b9a93214fe0a036d1e85954cbf31889012461275694d07f2372e0bc | xlm-macro | oletools.olevba.extract_all_macros (XLM macro listing) | 70133 bytes |
| macros.bas 322c94d84628f441b87d3472303a7414fd51c5c11c21f04c83891d48de7a57f8 | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 4824 bytes |