Office (OLE) / .XLS malware analysis — malicious · 9634c35133725757

MALICIOUS

Office (OLE) / .XLS

1.50 MB Created: 2008-03-03 09:36:26 Authoring application: Microsoft Excel

MD5: 4939332f762336087d6219897677b81e SHA-1: f03ca12c311e1efbf6f96953c4c13f7743036dce SHA-256: 9634c35133725757873d8c33e9f6b811bae8d3ffe09bba6e352dc3c55f0b66f5

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Service Execution: Visual Basic

The file contains legacy Excel 4.0 (XLM) macros, indicated by the OLE_XLM_AUTOOPEN and OLE_XLM_LEGACY_MACRO_VIRUS heuristic firings. These macros are designed to execute automatically upon opening the spreadsheet. The document body presents a financial report, suggesting a lure to entice users to open the malicious file. No specific IOCs were extracted, but the presence of legacy macro execution is a strong indicator of malicious intent.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.