Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 7e1f02d65c2ff4a2…

MALICIOUS

Office (OLE) / .XLS

Size: 290.0 KB
Created: 2000-05-26 16:45:09
Authoring application: Microsoft Excel
MD5: 61d6c1c8c7c842d9f2e17ab6f922de79
SHA-1: 12daef1aa0a6e2ad9f9303c8c943ad56edc94bec
SHA-256: 7e1f02d65c2ff4a26e301ce03cd12bf955b854e90156422e688397f0de20222c
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing both VBA macros and Excel 4.0 (XLM) macros, indicated by the OLE_XLM_AUTOOPEN and OLE_VBA_MACROS heuristics. The presence of these macro types suggests an attempt to execute arbitrary code upon opening. While the specific actions of the macros are truncated, the critical ClamAV detection and the nature of macro-based threats point towards a downloader or initial execution stage for further malicious activity.

Heuristics (3)

  • ClamAV: Xls.Malware.Generic-6680536-0 (severity: critical, heuristic: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Malware.Generic-6680536-0
  • Excel 4.0 (XLM) macro sheet present (severity: medium, heuristic: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
  • VBA macros detected (severity: medium, heuristic: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: xlm_macros.txt
    a19c3d80fd257c0753b4cee677ee99d1cb4bd4101ef0541d5078f236b1941305
    Kind: xlm-macro
    Source: oletools.olevba.extract_all_macros (XLM macro listing)
    Size: 261361 bytes
  • Filename: macros.bas
    666058ae70451137942d0df27d6aaad533470bccf4ffd0fa9cd050d499d7d411
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 8732 bytes