Office (OLE) / .XLS malware analysis — malicious · 5e70472680728383

MALICIOUS

Office (OLE) / .XLS

595.0 KB Created: 2021-12-17 12:12:16 Authoring application: Microsoft Excel

MD5: 49b09ab99417c4806b536a9a94d6492b SHA-1: 735865dd0b006c8cbfe55c2c23b2a026d85ea8f2 SHA-256: 5e70472680728383e2f389a2053a55589c7dd18fcab9ef1a89843c31197c1741

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The presence of an AUTOOPEN macro suggests it is designed to execute automatically upon opening. While the document body is unreadable, the heuristics strongly suggest a malicious macro-based execution, likely a downloader.

Heuristics 3

ClamAV: Win.Malware.Agent-9917389-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Malware.Agent-9917389-0
Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.