Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c5b08b920de5b796…

MALICIOUS

Office (OLE)

Size: 171.5 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
First seen: 2015-09-30
MD5: 95d22e887f870ec71db7488ffb9c92b0
SHA-1: eb073b3bd10dae3ccd3da657f28f7661c95cccc3
SHA-256: c5b08b920de5b796d90e3390d636bd4a5bf3e5c778f22ccc35788425f0b3a0f5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an OLE file containing Excel 4.0 macros, indicated by the OLE_XLM_AUTOOPEN heuristic. The presence of SC_STR_WSCRIPT suggests the macro may leverage Windows Script Host to execute commands or download additional content. The document body contains what appears to be technical data related to road construction, likely a lure to disguise the malicious macro's true purpose.

Heuristics (2)

  • Reference to Windows Script Host (severity: high, rule: SC_STR_WSCRIPT)
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.