Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 b72fdff4f551dd0b…

MALICIOUS

Office (OLE) / .XLS

Size: 695.5 KB
Created: 2003-07-13 10:17:32
Authoring application: Microsoft Excel
MD5: 4031643f33f9ee3221455c1d5c154f48
SHA-1: 3d79c5e35fc4f84a7cb8899e9ecbfc6d48951b96
SHA-256: b72fdff4f551dd0b0fa6ebcd38a4892920a9cd8679ed7c7d2b976049e9f6d613
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is identified as a legacy Excel Formula Macro Virus (XF.Classic) by multiple critical heuristics. The document body indicates it is an 'Antivirus Bait file' and mentions infection routines. The heuristics and document body suggest the macro is designed to infect other workbooks and potentially deliver a payload, as indicated by the presence of 'Simple Payload' and infection markers.

Heuristics (2)

  • [critical] OLE_XLS_FORMULA_MACRO_VIRUS: Legacy Excel formula macro virus marker
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • [medium] OLE_XLM_AUTOOPEN: Excel 4.0 (XLM) macro sheet present
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.