Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 630acf80f217db5c…

MALICIOUS

Office (OLE) / .XLS

Size: 212.0 KB
Created: 2020-10-01 02:51:10
Authoring application: Microsoft Excel
MD5: aa6a78c603ccd6d2caa41f486bf58ba5
SHA-1: 1e63cbcf2a2636a3d59ab66f2beaedd68326cb27
SHA-256: 630acf80f217db5cd754ce472087a862c6b386f0f77a5b5593f7d2334f79952a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel workbook containing an encrypted Excel 4.0 macro sheet, as indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The presence of an AUTOOPEN macro suggests it is designed to execute automatically when the spreadsheet is opened. The document body is unreadable, but the heuristics strongly suggest malicious intent.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high, rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.