Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 5d3f3d78b701d782…

MALICIOUS

Office (OLE)

Size: 3.13 MB
Created: 2010-07-28 03:10:08
Authoring application: Microsoft Excel
First seen: 2026-05-11
MD5: c51631636837413c64ffbc593160fbcf
SHA-1: 4021f5e1cca6794c3d8eb0d7e05b24fd50d39884
SHA-256: 5d3f3d78b701d782036e11238279469043299595d18ba9785b24b6a5adc23a7e
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic OLE_XLM_LEGACY_MACRO_VIRUS fired, indicating the presence of legacy XLM macro-virus family markers. The medium heuristic OLE_XLM_AUTOOPEN confirms that an Excel 4.0 macro sheet is present. The document body contains what appears to be project-related data, but the primary threat comes from the embedded XLM macros, which are known to be used for malicious purposes such as downloading further payloads.

Heuristics (2)

  • Legacy XLM macro-virus family marker (critical, OLE_XLM_LEGACY_MACRO_VIRUS)
    Workbook contains an Excel 4.0 macro sheet and legacy macro-virus family or workbook-replication strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.
  • Excel 4.0 (XLM) macro sheet present (medium, OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.