Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8e1df28305ba9aa9…

MALICIOUS

Office (OLE)

Size: 3.84 MB
Created: 2008-07-03 09:06:30
Authoring application: Microsoft Excel
MD5: f14521c7e806b628f3f0f6463dbe7ee2
SHA-1: bd196fbfb0f095fab9b98d47af64faf4ac5b3b7d
SHA-256: 8e1df28305ba9aa9827098b6777bee9ae2cd2e9d486ee5f50fdd39e913f22a7a
Risk score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic
T1566.001 Phishing: Spearphishing Attachment

Two critical heuristics fired, both pointing to legacy Excel 4.0 (XLM) macro content; the family strings match 'XL4Poppy'. XLM macro sheets are executed by Excel without involving the VBA engine and are commonly used to run arbitrary commands or fetch further payloads as soon as the workbook is opened. The document body appears to be financial or operational data, which could serve as a lure in a phishing or scam attempt. Note, however, that the second heuristic is a marker for infected legacy workbooks: the file may be a legitimate spreadsheet carrying a self-replicating XLM macro virus rather than a purpose-built lure. In either case the macro sheet must be treated as untrusted, and the workbook should not be opened with macros enabled.

Heuristics (2)

  • OLE_XLM_AUTOOPEN (critical): Excel 4.0 (XLM) Auto_Open + macro sheet
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet. This is the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • OLE_XLM_LEGACY_MACRO_VIRUS (critical): Legacy XLM macro-virus family marker
    Workbook contains an Excel 4.0 macro Auto_Open chain together with legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.
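The auto-execution shape described by OLE_XLM_AUTOOPEN (an Auto_Open or Auto_Close defined name plus an Excel 4.0 macro sheet) can be checked directly in the BIFF8 Workbook stream, without opening the file in Excel. The script below is an added example, not the logic of the analysis tool that produced this report. It assumes the raw `Workbook` stream has already been extracted from the OLE container (for instance with `olefile.OleFileIO(path).openstream('Workbook').read()`); the sample stream it analyzes is constructed inline from hand-built BOUNDSHEET and NAME records, and the MS-XLS record layouts used are the published BIFF8 ones. It also reports the sheet visibility flag, since malware usually marks the macro sheet hidden or very hidden.

```python
import struct

# BIFF8 record types from MS-XLS
REC_BOF = 0x0809
REC_EOF = 0x000A
REC_BOUNDSHEET = 0x0085
REC_NAME = 0x0018

# Built-in NAME codes that trigger automatic execution of an XLM macro sheet
BUILTIN_NAMES = {0x01: "Auto_Open", 0x02: "Auto_Close"}
# BOUNDSHEET sheet types (dt field) and visibility states (hsState field)
SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro", 0x02: "chart", 0x06: "vba_module"}
HIDDEN_STATES = {0: "visible", 1: "hidden", 2: "very_hidden"}


def iter_records(stream):
    """Yield (record_type, payload) for each BIFF record; stop quietly on truncation."""
    off, n = 0, len(stream)
    while off + 4 <= n:
        rtype, rlen = struct.unpack_from("<HH", stream, off)
        off += 4
        if off + rlen > n:  # truncated final record
            break
        yield rtype, stream[off:off + rlen]
        off += rlen


def _read_short_unicode(buf, off, cch):
    """Decode a BIFF8 short Unicode string: one flag byte, then cch characters."""
    flags = buf[off]
    off += 1
    if flags & 0x01:  # fHighByte set: UTF-16LE
        return buf[off:off + 2 * cch].decode("utf-16-le", "replace")
    return buf[off:off + cch].decode("latin-1")


def parse_boundsheet(payload):
    """BOUNDSHEET: lbPlyPos(4) grbit(2) cch(1) name. grbit low 2 bits = hsState, high byte = dt."""
    _pos, grbit, cch = struct.unpack_from("<IHB", payload, 0)
    return {
        "name": _read_short_unicode(payload, 7, cch),
        "type": SHEET_TYPES.get((grbit >> 8) & 0xFF, hex((grbit >> 8) & 0xFF)),
        "visibility": HIDDEN_STATES.get(grbit & 0x03, str(grbit & 0x03)),
    }


def parse_name(payload):
    """NAME: 14-byte fixed header, then the name string. fBuiltin names carry a 1-byte code."""
    grbit, _chkey, cch = struct.unpack_from("<HBB", payload, 0)
    if grbit & 0x0020:  # fBuiltin
        code = payload[15]  # byte 14 is the string flag byte, byte 15 the built-in code
        return {"builtin": True, "name": BUILTIN_NAMES.get(code, f"builtin_{code:#04x}")}
    return {"builtin": False, "name": _read_short_unicode(payload, 14, cch)}


def analyze_workbook_stream(stream):
    """Return the XLM macro sheets, auto-exec names, and whether both are present."""
    sheets, names = [], []
    for rtype, payload in iter_records(stream):
        if rtype == REC_BOUNDSHEET:
            sheets.append(parse_boundsheet(payload))
        elif rtype == REC_NAME:
            names.append(parse_name(payload))
    macro_sheets = [s for s in sheets if s["type"] == "xlm_macro"]
    auto_names = [n["name"] for n in names if n["name"] in BUILTIN_NAMES.values()]
    return {
        "macro_sheets": macro_sheets,
        "auto_exec_names": auto_names,
        "xlm_autoexec": bool(macro_sheets) and bool(auto_names),
    }


# --- constructed sample input (not taken from the analyzed file) ---
def _rec(rtype, payload):
    return struct.pack("<HH", rtype, len(payload)) + payload

def _boundsheet(name, sheet_type, hs_state=0):
    data = name.encode("latin-1")
    grbit = (sheet_type << 8) | hs_state
    return _rec(REC_BOUNDSHEET, struct.pack("<IHB", 0, grbit, len(data)) + b"\x00" + data)

def _builtin_name(code):
    # grbit=fBuiltin, chKey, cch=1, cce, ixals, itab, four cch* bytes; then flag byte + code
    header = struct.pack("<HBBHHHBBBB", 0x0020, 0, 1, 0, 0, 0, 0, 0, 0, 0)
    return _rec(REC_NAME, header + b"\x00" + bytes([code]))

_BOF = _rec(REC_BOF, b"\x00\x06\x05\x00" + b"\x00" * 12)
SAMPLE_WORKBOOK_STREAM = (_BOF + _boundsheet("Sheet1", 0x00)
                          + _boundsheet("Macro1", 0x01, hs_state=2)
                          + _builtin_name(0x01) + _rec(REC_EOF, b""))
BENIGN_WORKBOOK_STREAM = _BOF + _boundsheet("Sheet1", 0x00) + _rec(REC_EOF, b"")

if __name__ == "__main__":
    print(analyze_workbook_stream(SAMPLE_WORKBOOK_STREAM))
    print(analyze_workbook_stream(BENIGN_WORKBOOK_STREAM))
```

A VBA-only workbook (defined names but no sheet of type 0x01) and a plain workbook both come back with `xlm_autoexec` false, which is the distinction the heuristic draws; a very-hidden macro sheet paired with Auto_Open is the shape to escalate on.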