Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 cf10a8ef30987f2a…

MALICIOUS

Office (OLE) / .XLS

Size: 189.5 KB
Created: 2020-11-09 01:16:41
Authoring application: Microsoft Excel
MD5: ace638af849a461b5347a6a001d1dc01
SHA-1: 59af51e38d1058f4f9f83a7e899c48bd051126d8
SHA-256: cf10a8ef30987f2a2f6cfb732b8875f672b3a2a263fccd1541ebe0f94596b96d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel workbook containing an encrypted Excel 4.0 (XLM) macro sheet, which is a strong indicator of malicious intent. An encrypted macro sheet suggests that the file is designed to execute arbitrary code when opened. No specific family could be identified because of the encryption and the lack of further script content.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high; rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium; rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.