Office (OLE) / .XLSX malware analysis — malicious · b4a56ed14c0221b6

MALICIOUS

Office (OLE) / .XLSX

192.0 KB Created: 2021-02-23 19:19:01 Authoring application: Microsoft Excel

MD5: 8aac01c43ee628c1c99a01d384537602 SHA-1: 8aeb4a0de95ca9fca669b954908c580a9d8845c7 SHA-256: b4a56ed14c0221b6e12c5091b81d340d635f504a851e4f67cce1c40cdc3b7449

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The presence of encrypted Excel 4.0 macros (XLM) is a strong indicator of malicious intent. The 'OLE_XLM_ENCRYPTED_MACROSHEET' and 'OLE_XLM_AUTOOPEN' heuristics confirm this. While no specific payload or URL was extracted, the macro sheet's structure suggests it's designed to execute code upon opening, likely for further exploitation or malware delivery.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.