Office (OLE) malware analysis — malicious · a6bfa15a5520c9e7

MALICIOUS

Office (OLE)

1.65 MB Created: 2009-02-20 07:57:59 Authoring application: Microsoft Excel

MD5: 2408b2ecca911d129cbd91e27a6f98c9 SHA-1: 201746130efd3fb0d0609e68f4467df85250dbda SHA-256: a6bfa15a5520c9e7a7f915c75a27a8c6603ad9cfe267910417228f0d1996e68e

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The sample is identified as a malicious Excel file due to the presence of legacy XLM macros, specifically triggering 'OLE_XLM_AUTOOPEN' and 'OLE_XLM_LEGACY_MACRO_VIRUS' heuristics. These indicators point to older macro-based malware execution methods. No specific family could be identified, and no external IOCs like URLs or hashes were extracted from the provided evidence.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.