Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 dc14d1aee6b3cc44…

MALICIOUS

Office (OLE) / .XLS

Size: 4.47 MB
Created: 2005-02-13 07:39:45
Authoring application: Microsoft Excel
MD5: 59b3609efddcf72979c3ad46eb20692b
SHA-1: fb3e7eb47cd1a8e7bbc5807f127331b9e00d0c43
SHA-256: dc14d1aee6b3cc44b60177ea846496ea5c83fec6a68adf0616cbe40fd234f33a
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is an Excel XLS document containing legacy XLM macros, indicated by the OLE_XLM_AUTOOPEN and OLE_XLM_LEGACY_MACRO_VIRUS heuristic firings. The Auto_Open macro sheet suggests it executes automatically upon opening. The document body contains extensive lists of stock symbols from Vietnamese exchanges (HOSTC and HASTC), which is a common lure for financial scams or phishing attempts. No specific IOCs like URLs or hashes were extracted, but the presence of legacy macro technology and the stock list content strongly suggest malicious intent.

Heuristics 2

  • Excel 4.0 (XLM) Auto_Open + macro sheet (severity: critical, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • Legacy XLM macro-virus family marker (severity: critical, rule: OLE_XLM_LEGACY_MACRO_VIRUS)
    Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.