Office (OLE) / .XLS malware analysis — malicious · 98df66bf064dd808

MALICIOUS

Office (OLE) / .XLS

1.57 MB Created: 2010-01-07 02:31:27 Authoring application: Microsoft Excel

MD5: 60f7280facf4ef853ac8e32ad5b00fc7 SHA-1: cc565b80868b06eeda47b010f5404b0038493da6 SHA-256: 98df66bf064dd808c72e346037b1826189b5cb54370005d28056ab19f6faf0ce

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Service Execution: Visual Basic

The file is identified as a malicious Excel 4.0 (XLM) macro-based document. The presence of the 'XL4Poppy' marker strongly suggests a legacy macro-virus family. The document body, presented as a delivery order or invoice, is likely a lure to trick users into enabling macros, which then execute the embedded malicious XLM code.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.