MALICIOUS
62
Risk Score
Heuristics 2
-
Excel 4.0 macro hidden in a regular worksheet part critical OOXML_XLM_MACRO_IN_WORKSHEETWorkbook declares an Auto_Open / Auto_Close defined name and stores Excel 4.0 (XLM) download/execute logic inside parts declared as normal worksheets — there is no xl/macrosheets/ part or xlMacrosheet relationship, so structural XLM detectors that trust the macro-sheet content type miss it. Resolved WinAPI download/exec strings (URLDownloadToFile / ShellExecute) sit directly in worksheet cells. This is the OOXML XLM auto-execution surface in disguise, a 2021-era evasion used by builders such as AsHkERE/EZHE.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://wmwifbajxxbcxmucxmlc.com/files/april24.dll Referenced by macro
Open this report in the interactive analyzer, or submit your own file for analysis.