MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic for Applications
The sample is an Excel file identified as malicious due to the presence of Excel 4.0 macros. These macros are often used as a delivery mechanism for further stages of an attack, such as downloading and executing additional payloads. The heuristics indicate that the macro sheet is stored under a disguised path, suggesting an attempt to evade detection.
Heuristics 2
-
Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
-
Excel 4.0 macro sheet stored under disguised package path critical OOXML_XLM_DISGUISED_RELATIONSHIPOOXML package declares an xlMacrosheet relationship whose target is outside the canonical xl/macrosheets/ path. Excel follows the relationship type, while path-only scanners can miss the macro execution surface.
Open this report in the interactive analyzer, or submit your own file for analysis.