Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 b4929e77712cf280…

MALICIOUS

Office (OLE) / .XLS

1.53 MB Created: 2008-02-27 20:39:54 Authoring application: Microsoft Excel
MD5: 4985ee55d40c34933c06a14b14b0a9d3 SHA-1: f392ae7ca4c42ffde670aca248b1c5d9238dc82b SHA-256: b4929e77712cf280825882121ad72e716bba070defcf150012b8549e4a4599cf
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly indicates that this is a legacy Excel formula macro virus. The presence of VBA-related strings like 'XL4Test5', 'XL4Poppy', and the file path 'C:\Documents and Settings\Hung Anh\Application Data\Microsoft\Excel\XLSTART\Book1.' suggests the macro attempts to infect other workbooks, likely for propagation. The document body contains what appears to be educational data, but the macro functionality is the primary indicator of malicious intent.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.