Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 9de959c4c73c15ec…

MALICIOUS

Office (OLE) / .XLS

Size: 181.5 KB
Created: 2020-11-09 01:16:11
Authoring application: Microsoft Excel
MD5: c7da576e80d80021c53ec148b2ec03f1
SHA-1: 7e5eeda0f11e02901b10ba0a10db157473247c86
SHA-256: 9de959c4c73c15ecff7f991508c53c09bb4e135f2bf02dd073d08edc6bc7fecd
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample contains an encrypted Excel 4.0 macro sheet, as indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The presence of an auto-open macro (OLE_XLM_AUTOOPEN) suggests that the macro sheet is designed to execute automatically when the file is opened. Although the document body is truncated and unreadable, the heuristics strongly suggest that the file's purpose is to execute malicious code via Excel macros.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (high, OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (medium, OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.