Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 c469f066df46e790…

MALICIOUS

Office (OLE) / .XLS

Size: 72.0 KB
Created: 2006-09-16 00:00:00
Authoring application: Microsoft Excel
MD5: 8d324a3310b6817abcf99cfc03aadafd
SHA-1: c9e880fe3dcea9068bbbcf29bd5ce4a99c1b9bfa
SHA-256: c469f066df46e79045f3947dc2a7034cbb564a62d756546408ff12e16c0f5fd4
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The sample is an Excel 4.0 (XLM) macro sheet, which is a strong indicator of malicious intent. The document body and heuristics indicate a lure to enable macros by impersonating a document signing service. This is a common technique for macro-based downloaders. No scripts were extracted, but the presence of XLM macros and the document signing lure suggest the primary goal is to trick the user into enabling content to download and execute a secondary payload.

Heuristics (3)

  • Excel 4.0 (XLM) macro sheet present | medium | OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
  • Macro/content-enable lure | medium | SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings.
  • Document signing service impersonation lure | medium | SE_DOCUSIGN_LURE
    Document impersonates DocuSign, Adobe Sign, or a similar signing service in a signing-request context.