Office (OLE) / .XLS malware analysis — malicious · 756a06326922ad1b

MALICIOUS

Office (OLE) / .XLS

2.37 MB Created: 2010-03-11 18:36:20 Authoring application: Microsoft Excel

MD5: a0cc0a376523c77defafa7bf88d3b39e SHA-1: c0bf4e4660e8ee9bfca27d0e623cfb6eba60a5f1 SHA-256: 756a06326922ad1be17a03835f28ebcf925790ff5e89a23073fc4be70f7e8e3d

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file contains legacy Excel 4.0 (XLM) macros, indicated by the OLE_XLM_AUTOOPEN and OLE_XLM_LEGACY_MACRO_VIRUS heuristics. The presence of the 'XL4Poppy' marker suggests a known macro-virus family. The document body appears to be a financial or construction-related report, likely a lure to disguise the malicious macro execution.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.