Office (OOXML) / .XLSM malware analysis — malicious · 9aebaf97418b9e26

MALICIOUS

Office (OOXML) / .XLSM

365.2 KB

MD5: 4a0200862a2492c84ec8da8421c2d014 SHA-1: bbdcb11dd2c39ad2975b418e64698e1e65327e29 SHA-256: 9aebaf97418b9e26690ba5de91578127000c3e47dcc1b69a729689ddcf48dc9f

68 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic OOXML_XLM_MACROSHEET indicates the presence of Excel 4.0 macros, which are often used to deliver malicious payloads. The malformed ZIP structure suggests an attempt to obscure the malicious content. No specific IOCs were extracted, but the file's structure strongly suggests it's a macro-based attack.

Heuristics 2

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Malformed OOXML local headers contain an Excel 4.0 (XLM) macro sheet. XLM was a major Office malware vector during 2020-2022 and is rarely used in modern legitimate workbooks.
Malformed OOXML package with recoverable local headers low OOXML_MALFORMED_ZIP_LOCAL_HEADERS

The OOXML ZIP central directory is invalid or missing, but local file headers expose a recoverable Office package. This can create parser divergence between tolerant Office/ZIP readers and scanners that rely only on the central directory.

Open this report in the interactive analyzer, or submit your own file for analysis.