Malicious Office (OLE) / .201 — malware analysis report

Static analysis result for SHA-256 86a3103eb9cb4cbf…

MALICIOUS

Office (OLE) / .201

Size: 5.02 MB
Created: 2010-07-13 02:42:56
Authoring application: Microsoft Excel
MD5: 3658e0d271dd7a5e2b7f965b33d0e6b1
SHA-1: 406a84e7cf2f6698e2d119bb809a6d1a4eeaa596
SHA-256: 86a3103eb9cb4cbf37455c3b6159773bcd3b5eebb1295e0c6fccf4d86040a23e
Risk score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic (ATT&CK has no separate sub-technique for Excel 4.0 (XLM) macros, so they are mapped here; note that XLM macros are not VBA but formulas on a macro sheet interpreted by Excel itself, without any VBA project)

Two critical heuristics fired, both pointing at legacy Excel 4.0 (XLM) macros: the workbook defines an Auto_Open name, which Excel evaluates automatically when the file is opened, and it carries a string marker associated with the 'XL4Poppy' family. The macro sheet also contains a RUN command, which transfers execution to the macro at a referenced cell and is the usual way an XLM chain hands control to its payload. No URLs or embedded-file hashes were extracted, so the verdict rests on the auto-execution shape plus the family marker rather than on a recovered payload; that combination is rarely found in ordinary spreadsheets and strongly indicates malicious intent.

Heuristics (2)

  • Excel 4.0 (XLM) Auto_Open + macro sheet [critical] OLE_XLM_AUTOOPEN
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet: the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • Legacy XLM macro-virus family marker [critical] OLE_XLM_LEGACY_MACRO_VIRUS
    Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.
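The OLE_XLM_AUTOOPEN shape above can be checked directly against the BIFF8 records of the Workbook stream, without evaluating any formula: a BoundSheet8 record whose sheet type byte is 0x01 (Excel 4.0 macro sheet) plus a Lbl (defined name) record that is either the built-in Auto_Open/Auto_Close id or a user-defined name with that text. The following is an added example written for this report, not part of the scanner or of the analysed file; it assumes the raw Workbook stream has already been pulled out of the OLE container (with olefile or similar, not shown), uses the record layouts from MS-XLS, and runs over a constructed sample stream rather than the real sample.

```python
"""Detect the XLM auto-execution shape in a BIFF8 Workbook stream:
an Excel 4.0 macro sheet together with an Auto_Open / Auto_Close defined name."""
import struct

# BIFF8 record ids (MS-XLS); only the ones this check needs.
REC_BOUNDSHEET = 0x0085
REC_LBL = 0x0018
MACRO_SHEET_TYPE = 0x01                      # BoundSheet8.dt == 1: Excel 4.0 macro sheet
SHEET_STATE = {0: "visible", 1: "hidden", 2: "very hidden"}
BUILTIN_AUTO_NAMES = {0x01: "Auto_Open", 0x02: "Auto_Close"}
AUTO_EXEC_TEXT = ("auto_open", "auto_close")   # user-defined spellings Excel also honours


def iter_records(stream):
    """Yield (record_id, payload) for each BIFF record: 2-byte id, 2-byte length, data."""
    off = 0
    while off + 4 <= len(stream):
        rid, length = struct.unpack_from("<HH", stream, off)
        yield rid, stream[off + 4:off + 4 + length]
        off += 4 + length


def _read_string(data, off, cch):
    """XLUnicodeStringNoCch: one flag byte (bit 0 = 16-bit chars) followed by cch chars."""
    wide = data[off] & 0x01
    raw = data[off + 1:off + 1 + cch * (2 if wide else 1)]
    return raw, ("utf-16-le" if wide else "latin-1")


def parse_boundsheet(data):
    """BoundSheet8: lbPlyPos(4) hsState(1) dt(1) stName(ShortXLUnicodeString)."""
    state = data[4] & 0x03
    cch = data[6]
    raw, enc = _read_string(data, 7, cch)
    return {"name": raw.decode(enc), "type": data[5], "state": SHEET_STATE.get(state, "?")}


def parse_lbl(data):
    """Lbl: flags(2) chKey(1) cch(1) cce(2) reserved(2) itab(2) reserved(4) Name rgce."""
    flags, _ch_key, cch = struct.unpack_from("<HBB", data, 0)
    itab = struct.unpack_from("<H", data, 8)[0]          # 0 = workbook scope, else 1-based sheet
    raw, enc = _read_string(data, 14, cch)
    if flags & 0x0020:                                   # fBuiltin: Name is a one-byte built-in id
        name = BUILTIN_AUTO_NAMES.get(raw[0], "builtin_%02x" % raw[0])
    else:
        name = raw.decode(enc)
    return {"name": name, "hidden": bool(flags & 0x0001),
            "builtin": bool(flags & 0x0020), "sheet_scope": itab}


def assess_workbook(stream):
    """Return the findings a triage tool would report for this stream."""
    sheets, names = [], []
    for rid, payload in iter_records(stream):
        if rid == REC_BOUNDSHEET:
            sheets.append(parse_boundsheet(payload))
        elif rid == REC_LBL:
            names.append(parse_lbl(payload))
    macro_sheets = [s for s in sheets if s["type"] == MACRO_SHEET_TYPE]
    auto_names = [n for n in names if n["name"].lower() in AUTO_EXEC_TEXT]
    return {
        "macro_sheets": macro_sheets,
        "auto_exec_names": auto_names,
        # The heuristic fires only on the conjunction: a macro sheet AND an auto-exec name.
        "xlm_autoopen": bool(macro_sheets) and bool(auto_names),
    }


# --- constructed sample streams (hypothetical, not taken from the analysed file) ---------
def _rec(rid, payload):
    return struct.pack("<HH", rid, len(payload)) + payload


def _boundsheet(name, sheet_type, state, pos=0):
    return _rec(REC_BOUNDSHEET, struct.pack("<IBB", pos, state, sheet_type)
                + bytes([len(name), 0]) + name.encode("latin-1"))


_RGCE = bytes([0x3A]) + struct.pack("<HHH", 0, 0, 0)     # PtgRef3d to row 0, col 0 (cell A1)


def _lbl_builtin(code, itab):
    head = struct.pack("<HBBHHHI", 0x0020, 0, 1, len(_RGCE), 0, itab, 0)
    return _rec(REC_LBL, head + bytes([0x00, code]) + _RGCE)


def _lbl_text(name, itab):
    head = struct.pack("<HBBHHHI", 0x0000, 0, len(name), len(_RGCE), 0, itab, 0)
    return _rec(REC_LBL, head + bytes([0x00]) + name.encode("latin-1") + _RGCE)


_BOF = _rec(0x0809, struct.pack("<HHHHII", 0x0600, 0x0005, 0, 0, 0, 0))   # BOF, workbook globals
_EOF = _rec(0x000A, b"")

MALICIOUS_STREAM = (_BOF
                    + _boundsheet("Sheet1", 0x00, 0)     # ordinary, visible worksheet
                    + _boundsheet("Macro1", 0x01, 2)     # Excel 4.0 macro sheet, very hidden
                    + _lbl_builtin(0x01, 2)              # built-in Auto_Open scoped to sheet 2
                    + _EOF)

BENIGN_STREAM = (_BOF
                 + _boundsheet("Sheet1", 0x00, 0)
                 + _boundsheet("Macro1", 0x01, 0)        # macro sheet, but no auto-exec name
                 + _lbl_text("MyRange", 0)
                 + _EOF)

if __name__ == "__main__":
    for label, s in (("malicious", MALICIOUS_STREAM), ("benign", BENIGN_STREAM)):
        print(label, assess_workbook(s))
```

The check reports the macro sheet's visibility state as well, because XLM malware almost always stores the macro sheet as "very hidden" (state 2), which cannot be unhidden from the Excel UI; a visible macro sheet with an auto-exec name is more often a legacy workbook than an infection. Decoding the RUN call the report mentions would require walking the macro sheet's formula records and is out of scope here.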