Office (OLE) / .XLS malware analysis — malicious · c5319187fae5cf97

MALICIOUS

Office (OLE) / .XLS

284.0 KB Created: 2020-04-23 12:26:24 Authoring application: Microsoft Excel

MD5: a50c6c886d225ad55a167be738f13258 SHA-1: e73eb72afbc89a834a629095bd98fd93959db010 SHA-256: c5319187fae5cf975654cbdf041dd8fe5993e4ca9034bf517be82a2d16a0cd4c

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The critical ClamAV heuristic indicates this is a malicious Excel 4.0 macro sheet, specifically identified as 'Xls.Dropper.Agent-8102690-0'. The presence of encrypted Excel 4.0 macros and the 'AUTOOPEN' heuristic strongly suggest that the sheet is designed to execute malicious code upon opening. While the document body is unreadable, the heuristics point to a dropper functionality, likely downloading and executing a second-stage payload.

Heuristics 3

ClamAV: Xls.Dropper.Agent-8102690-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Agent-8102690-0
Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.