MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic for Applications
T1204.002 Malicious File
The critical heuristic 'OOXML_XLM_MACROSHEET' indicates the presence of Excel 4.0 macros. These macros appear to be designed to download and execute a secondary payload, as suggested by the embedded file names like '72696669.dat' and the potential path 'C:\Rujiky\Ubadada\Vertu.ooocxx'. The ClamAV detection further confirms its malicious nature as a downloader.
Heuristics 3
-
Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
-
ClamAV: Xls.Downloader.GreenOffice12210-9918618-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Downloader.GreenOffice12210-9918618-0
-
Embedded OLE object medium OOXML_OLE_OBJECTDocument contains an embedded OLE object
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
ooxml_oleobject_00.bin24683ff192d5ff2bf2f841df675e1bec8a46ae42de534fcdbc64fb77dd4f33a5 |
ooxml-ole-object | OOXML embedded OLE part: xl/embeddings/oleObject2.bin | 4465152 bytes |
emf_00.emf481999fdbcc1fde5a4e3a4e9970e4bbf3c8dbeb2e2a366cc840aa848993159f4 |
ooxml-emf | OOXML EMF part: xl/media/image2.emf | 2159428 bytes |
xlm_sheet_00.bin6b81c949aeb8cc1680b035b1f27b241cd1f2f5d1dbdc301b1e32b5ea5bd4b23d |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 3304 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.