Office (OLE) / .XLS malware analysis — malicious · ba3f2df0caae645a

MALICIOUS

Office (OLE) / .XLS

1.57 MB Created: 2010-06-12 03:03:29 Authoring application: Microsoft Excel

MD5: 83c96776ba458c2edb7db395e69170d9 SHA-1: 9bf862c4ae9cb7c6fb0ea95c974b12a3136a5fd9 SHA-256: ba3f2df0caae645a22f801d739ebae35bbad770b0741cc72c80c3066eefe4ca2

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1059.001 PowerShell

The file is a legacy Excel 4.0 (XLM) spreadsheet containing an Auto_Open macro. The macro sheet includes a marker indicative of the XLM legacy macro-virus family. The `RUN($B$1)` command within the macro suggests it is intended to execute arbitrary code, likely a second-stage payload. The document body contains what appears to be technical data unrelated to the macro's execution.

Heuristics 2

Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPEN

Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUS

Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.

Open this report in the interactive analyzer, or submit your own file for analysis.