Office (OLE) / .XLS malware analysis — malicious · 8527439234e93dfa

MALICIOUS

Office (OLE) / .XLS

3.72 MB Created: 2010-03-17 08:00:58 Authoring application: Microsoft Excel

MD5: 1602161a046bb7a4425afd1927cc1346 SHA-1: 950e4f9c0126fe880a7cf2adc5e1d6e05317586a SHA-256: 8527439234e93dfadae0051a98ce194ddda9a11dcdb1b88e34ce1de618a396bd

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is identified as a malicious Excel file containing legacy Excel 4.0 (XLM) macros, specifically triggering the 'Auto_Open' and 'XL4Poppy' markers. These macros are known for their ability to execute arbitrary code, indicating a likely intent to download and run a secondary payload.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.