Office (OLE) / .XLS malware analysis — malicious · 6b9e3a557c35fb63

MALICIOUS

Office (OLE) / .XLS

2.97 MB Created: 2000-05-26 16:45:09 Authoring application: Microsoft Excel

MD5: 4264206f1b4f9801a88bcdea97c5bc21 SHA-1: f520e1beb282b3d00593f69d69e6c4893ea1086d SHA-256: 6b9e3a557c35fb634a9884ae72c480704d814807d225e759b0160604aef8746a

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel spreadsheet containing both VBA macros and Excel 4.0 (XLM) macros, as indicated by the OLE_XLM_AUTOOPEN and OLE_VBA_MACROS heuristics. The presence of these macro types suggests an attempt to execute arbitrary code upon opening. The extracted document body and script fragments do not reveal a clear user-facing lure, but the presence of macros and the ClamAV detection strongly indicate malicious intent, likely to download and execute a secondary payload.

Heuristics 3

ClamAV: Xls.Malware.Generic-6680536-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Malware.Generic-6680536-0
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_macros.txt` `675defed5596c4c856be35bc76effae58facdb965a84ed4d7679732d034eb1c8`	xlm-macro	oletools.olevba.extract_all_macros (XLM macro listing)	3268354 bytes
`macros.bas` `f1a0a1924498708ffcd80c76cbe0099a7455fcbadc042a137c46e5b69a1d37b8`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	9033 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.