Office (OLE) malware analysis — malicious · ad5fad60fedba791

MALICIOUS

Office (OLE)

226.0 KB Created: 2009-01-05 13:07:28 Authoring application: Microsoft Excel

MD5: 03213abc31202e56b4a43fe1bc27a45d SHA-1: 7adb64e2bd62147d121daeeb6a3656648663c67d SHA-256: ad5fad60fedba791e57983c180fa2a85c614257ea9523b0d218d1b85e4f64330

140 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Service Execution: Visual Basic T1566.001 Phishing: Spearphishing Attachment

The critical heuristics indicate the presence of legacy Excel 4.0 macros and a known malware marker ('Win.Trojan.Classic-1'). The document body contains financial-like data, suggesting a potential lure for financial information theft or manipulation. The macro sheet marker and ClamAV detection strongly point to malicious intent.

Heuristics 3

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
ClamAV: Win.Trojan.Classic-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Classic-1
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.