Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 c5cfc6fe448b32b9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 1.20 MB
Created: 2015-06-05 18:19:34 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2022-05-03
MD5: f082367a1be4aa72c07c598a00c87b20
SHA-1: 8555bbd699d6eed4e2deb5b98e0f52eaa0d9ad57
SHA-256: c5cfc6fe448b32b9e3d7001b9ca693e9aec9930c645849e7735e3eaed2de342c
120 Risk Score

Heuristics 2

  • Excel 4.0 macro sheet (3 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
  • ClamAV: Xls.Downloader.Emotet-OOXML_XL-af43432fbcb8603c-9980048-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.Emotet-OOXML_XL-af43432fbcb8603c-9980048-0

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
emf_00.emf (39b5bc2fae3ca399c730a72513cf632b197a6280186bf539b67779302baad98a) | ooxml-emf | OOXML EMF part: xl/media/image2.emf | 6145428 bytes
xlm_sheet_00.bin (a9f868269522898a013d877df811244a7fe65164efad127dc9f4af597e91e4a1) | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 1034 bytes
xlm_sheet_01.bin (06a3941443f7553c10c77f933201f355688955904dc3fb37b7e7d4d0769fd904) | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet2.bin | 3422 bytes
xlm_sheet_02.bin (ba2933b2ed60c56d54a4b46781f406bf9d5492b9a63d3e7a62e3a83c1877a9a2) | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet3.bin | 1340 bytes