Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 b2a32934d6e3e47c…

MALICIOUS

Office (OLE) / .XLS

176.0 KB Created: 2021-02-23 19:19:01 Authoring application: Microsoft Excel
MD5: b35d70ece32c079417f4b28485f0085e SHA-1: c055588f58b91e45d9fb21ee5da30eaadc73eb54 SHA-256: b2a32934d6e3e47c0cb66cce607bd8faf500355cc32ef31659c8cf9b5a282323
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic (tag assigned by the scanner; note that Excel 4.0 macros are XLM formula macros, not VBA, so the sub-technique is an approximation)

The sample is a legacy Excel (OLE/BIFF8) workbook whose Workbook stream is encrypted (FILEPASS) and contains an Excel 4.0 (XLM) macro sheet, a common technique for delivering malicious payloads. The presence of an 'AUTOOPEN' (Auto_Open) defined name further suggests that the macro sheet is meant to execute automatically when the file is opened. Because the record data after FILEPASS is encrypted, the specific macro formulas could not be extracted statically, but the overall pattern is consistent with a downloader or initial-execution stage.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and a BIFF FILEPASS record (workbook encryption). Password-protected XLM workbooks, in particular those encrypted with Excel's default password 'VelvetSweatshop' (which Excel opens without prompting for a password), are a common malware evasion pattern because static formula extraction fails until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream (a BOUNDSHEET record of macro-sheet type). XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
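The two heuristics above and the Auto_Open observation in the summary all come from three BIFF8 record types in the OLE 'Workbook' stream: FILEPASS (0x002F), BOUNDSHEET (0x0085, whose dt byte marks an Excel 4.0 macro sheet) and Lbl (0x0018, a defined name, built-in id 0x01 = Auto_Open). The scanner below is an added example written for this page, not the report tool's own code; it parses those records following the MS-XLS layouts and runs over two constructed Workbook streams (one as it looks after decryption, one carrying a standard RC4 FILEPASS), neither of which is taken from the analysed sample. It assumes the 'Workbook' stream has already been pulled out of the OLE container (e.g. with olefile), and it shows the caveat the heuristic text alludes to: once FILEPASS is seen, only record headers and the BOUNDSHEET lbPlyPos field are cleartext, so sheet types and names cannot be classified until the stream is decrypted.

```python
"""Scan a BIFF8 'Workbook' stream for FILEPASS encryption, Excel 4.0 macro sheets
and a built-in Auto_Open defined name.  Added example; the sample streams below
are constructed inline and are not from the analysed file."""
import struct

# Record type ids (MS-XLS)
BOF, EOF, LBL, FILEPASS, BOUNDSHEET = 0x0809, 0x000A, 0x0018, 0x002F, 0x0085

SHEET_TYPES = {0x00: "worksheet", 0x01: "macro sheet", 0x02: "chart", 0x06: "VBA module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}
BUILTIN_AUTO_OPEN = 0x01                    # built-in name id for Auto_Open
LBL_F_HIDDEN, LBL_F_BUILTIN = 0x0001, 0x0020  # Lbl grbit flags


def iter_records(stream: bytes):
    """Yield (type, data) per BIFF record; headers are cleartext even when encrypted."""
    off = 0
    while off + 4 <= len(stream):
        rtype, size = struct.unpack_from("<HH", stream, off)
        yield rtype, stream[off + 4:off + 4 + size]
        off += 4 + size


def _short_string(data: bytes, off: int) -> str:
    """ShortXLUnicodeString: cch(1), flags(1), then 8-bit or UTF-16LE chars."""
    cch, flags = data[off], data[off + 1]
    raw = data[off + 2:]
    return raw[:2 * cch].decode("utf-16-le") if flags & 1 else raw[:cch].decode("latin-1")


def scan_workbook(stream: bytes) -> dict:
    report = {"filepass": None, "sheet_count": 0, "sheets": [],
              "xlm_sheets": [], "auto_open": False, "auto_open_hidden": False}
    encrypted = False
    for rtype, data in iter_records(stream):
        if rtype == FILEPASS:
            enc = struct.unpack_from("<H", data)[0]
            if enc == 0:
                report["filepass"] = "XOR obfuscation"
            else:
                vmaj, vmin = struct.unpack_from("<HH", data, 2)
                report["filepass"] = "RC4" if (vmaj, vmin) == (1, 1) else f"RC4 CryptoAPI {vmaj}.{vmin}"
            encrypted = True
        elif rtype == BOUNDSHEET:
            report["sheet_count"] += 1          # header and lbPlyPos stay cleartext
            if encrypted:
                continue                          # dt, visibility, name are ciphertext: decrypt first
            vis, dt = data[4] & 0x03, data[5]
            name = _short_string(data, 6)
            report["sheets"].append((name, SHEET_TYPES.get(dt, f"unknown({dt})"), VISIBILITY.get(vis, "?")))
            if dt == 0x01:
                report["xlm_sheets"].append(name)
        elif rtype == LBL and not encrypted:
            grbit = struct.unpack_from("<H", data)[0]
            # 14-byte fixed header, then XLUnicodeStringNoCch: flags(1) + chars; built-in names are 1 byte
            if grbit & LBL_F_BUILTIN and data[15] == BUILTIN_AUTO_OPEN:
                report["auto_open"] = True
                report["auto_open_hidden"] = bool(grbit & LBL_F_HIDDEN)
        elif rtype == EOF:
            break                                 # end of the workbook-globals substream
    return report


# --- constructed test streams (hypothetical, not from the sample) -------------
def _rec(rtype: int, data: bytes) -> bytes:
    return struct.pack("<HH", rtype, len(data)) + data


def _boundsheet(name: bytes, dt: int, vis: int) -> bytes:
    return _rec(BOUNDSHEET, struct.pack("<IBBBB", 0, vis, dt, len(name), 0) + name)


_BOF_GLOBALS = _rec(BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0x0DBB, 0x07CC, 0, 0))
_RGCE = bytes.fromhex("3a000000000000")          # placeholder PtgRef3d formula for the name
_LBL_AUTO_OPEN = _rec(LBL, struct.pack("<HBBHHHBBBB", LBL_F_HIDDEN | LBL_F_BUILTIN, 0, 1,
                                        len(_RGCE), 0, 0, 0, 0, 0, 0)
                      + b"\x00" + bytes([BUILTIN_AUTO_OPEN]) + _RGCE)

# Globals as they look after decryption: a visible worksheet, a very-hidden XLM sheet, hidden Auto_Open
DECRYPTED_STREAM = (_BOF_GLOBALS + _boundsheet(b"Sheet1", 0x00, 0)
                    + _boundsheet(b"Macro1", 0x01, 2) + _LBL_AUTO_OPEN + _rec(EOF, b""))

# Same workbook with a standard RC4 FILEPASS (salt/verifier zeroed); later bodies are opaque bytes
_FILEPASS_RC4 = _rec(FILEPASS, struct.pack("<HHH", 1, 1, 1) + b"\x00" * 48)
ENCRYPTED_STREAM = (_BOF_GLOBALS + _FILEPASS_RC4
                    + _rec(BOUNDSHEET, b"\x00" * 4 + bytes.fromhex("9af2e7ab6cd10193"))
                    + _rec(BOUNDSHEET, b"\x00" * 4 + bytes.fromhex("2c7701e84fd6a0b3"))
                    + _rec(LBL, bytes.fromhex("0f3ce6a9817e5d22b0d1ff43e0a8c01d8a12"))
                    + _rec(EOF, b""))

if __name__ == "__main__":
    for label, stream in (("decrypted", DECRYPTED_STREAM), ("encrypted", ENCRYPTED_STREAM)):
        print(label, scan_workbook(stream))
```

On the encrypted stream the scanner reports "RC4" and two sheets of unknown type and no Auto_Open, which is exactly why a FILEPASS hit should trigger a decryption attempt (for the default-password case, `msoffcrypto-tool in.xls out.xls -p VelvetSweatshop`) followed by a second scan; only the decrypted stream yields the macro-sheet and Auto_Open findings.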