MALICIOUS
80
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
The critical heuristic firing for OLE_XLM_LEGACY_MACRO_VIRUS indicates the presence of legacy XLM macro-virus family markers. The medium heuristic for OLE_XLM_AUTOOPEN confirms an Excel 4.0 macro sheet is present. The document body contains what appears to be project-related data, but the primary threat comes from the embedded XLM macros, which are known to be used for malicious purposes like downloading further payloads.
Heuristics 2
-
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUSWorkbook contains an Excel 4.0 macro sheet and legacy macro-virus family or workbook-replication strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.
-
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPENWorkbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
Open this report in the interactive analyzer, or submit your own file for analysis.