Office (OLE) / .XLS malware analysis — malicious · 5eca8b9a45c6bdba

MALICIOUS

Office (OLE) / .XLS

241.0 KB Created: 2020-09-20 23:07:19 Authoring application: Microsoft Excel

MD5: 4ced2c601a32da7343e8e688f6d7575f SHA-1: 7342842c7be76d7dc2652a3297ea3f867efc97d2 SHA-256: 5eca8b9a45c6bdbaea67eacced733a2263613d3dec29e8f41f32fab2d9d1baaa

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel 4.0 macro sheet that is encrypted, which is a strong indicator of malicious intent. The presence of an 'AUTOOPEN' macro further suggests that the sheet is designed to execute automatically when opened. Without further deobfuscation or script content, the exact payload and delivery mechanism remain unclear.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.