Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 6ab3f6d8bc3f011c…

MALICIOUS

Office (OLE) / .XLS

File size: 3.31 MB
Created: 2010-07-02 01:45:23
Authoring application: Microsoft Excel
MD5: c52cc65f7d66208166eb4632c48b91af
SHA-1: a6afcfed9886120c3960addefdea355f6d9314ba
SHA-256: 6ab3f6d8bc3f011c0a17c29749f90395f358152f4f399f0a2ea01ad5975a35f7
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel XLS document containing legacy Excel 4.0 (XLM) macros, indicated by the OLE_XLM_AUTOOPEN and OLE_XLM_LEGACY_MACRO_VIRUS heuristic firings. The macro sheet contains markers associated with legacy macro viruses. The document body contains comments suggesting the macro is designed to copy itself and is malicious. The presence of XLM macros points to T1059.005 as the likely execution technique.

Heuristics (2)

  • Excel 4.0 (XLM) Auto_Open + macro sheet (severity: critical; rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • Legacy XLM macro-virus family marker (severity: critical; rule: OLE_XLM_LEGACY_MACRO_VIRUS)
    Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.