Office (OLE) / .XLS malware analysis — malicious · b4403a9130155077

MALICIOUS

Office (OLE) / .XLS

3.25 MB Created: 2007-04-02 06:17:02 Authoring application: Microsoft Excel

MD5: 09752d8e2ad0998e1d8b6ca014c49187 SHA-1: 2ba74af263cfced3530c9c99ffadbb52b2e9b592 SHA-256: b4403a91301550770ea665493108e9778379c11675a04c6ddd9dac2defeacb0e

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Service Execution: Visual Basic

The file is an Excel 4.0 (XLM) spreadsheet containing legacy macro virus markers, indicating it is designed to propagate and infect other files. The presence of Auto_Open and macro sheet markers strongly suggests malicious macro execution upon opening. The script comments explicitly state that the virus copies itself to the current directory with a timestamped filename, confirming its self-propagation intent.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.