Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a25027fc94c82d3b…

MALICIOUS

Office (OLE)

388.0 KB Created: 2002-01-23 07:27:39 Authoring application: Microsoft Excel
MD5: 194737483f6e34bdaa6b7a170a810859 SHA-1: e35e1733879f24c3af3c2982528aa2074e44ea01 SHA-256: a25027fc94c82d3bf7f01bc2a97d6f51914fb958c2cb5103d401b28d6141c76f
68 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a legacy Excel formula macro virus (XF.Classic) by the 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic. The embedded document body contains strings related to this virus, including its name and authoring group. The virus's purpose is to infect other Excel workbooks, as indicated by the presence of strings like 'Add New Workbook, Infect It, Save It As Book1.xls' and 'Infect Workbook'. No other malicious behaviors were detected.

Heuristics 2

  • Legacy Excel formula macro virus marker (severity: critical; heuristic: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • VBA project contains no executable statements (severity: low; heuristic: OLE_VBA_MACROS)
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
  868f15ec582d44ee91256c5da3f93566f84f0c5ac74f388506a7eaf07e30c745
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 908 bytes