Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 8bd46e4d069be47d…

Verdict: MALICIOUS
File type: Office (OLE) / .XLS
Size: 11.5 KB
Created: 2026-02-04 10:31:06
Authoring application: Microsoft Excel
MD5: e9c0fcaf04370e0e692669a1936b7e46
SHA-1: 5e6748fdcab787f2d392a873354e162e9d2b6327
SHA-256: 8bd46e4d069be47dddc1c267ac5c5eee52766f7c81675108c80c47bd8d947d06
Risk Score: 108

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell

The sample is an Excel 4.0 macro sheet, identified as encrypted and containing auto-execution macros. The presence of 'SC_STR_WSCRIPT' suggests the use of Windows Script Host to execute commands. While the document body is unreadable, the heuristics indicate a malicious macro sheet designed to run scripts, likely to download and execute further malware. The specific script content is not available for detailed analysis, leading to a lower confidence in family attribution.

Heuristics (4)

  • Reference to Windows Script Host (high, SC_STR_WSCRIPT)
    Reference to Windows Script Host
  • Encrypted Excel 4.0 macro sheet (high, OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (medium, OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream; XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
  • VBA project contains no executable statements (low, OLE_VBA_MACROS)
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.