Office (OLE) / .XLS malware analysis — malicious · 6efaf2116cca4b23

MALICIOUS

Office (OLE) / .XLS

1.11 MB Created: 1996-10-14 23:33:28 Authoring application: Microsoft Excel

MD5: bb47374760e5671488622231d1df1363 SHA-1: 30d87db0aa5a2379b49d800c0fe073407e19ac19 SHA-256: 6efaf2116cca4b232b8d170ffc3095cbddf3a637ea2079027d1ac75d1ca83c64

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample contains legacy Excel 4.0 (XLM) macro virus markers, indicating the use of outdated macro capabilities for execution. The presence of an Auto_Open macro sheet further confirms the intent to run malicious code upon opening. While the document body discusses public health reporting, the heuristic firings strongly suggest a malicious intent unrelated to the visible content.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.