Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 dcfcdb24177eb814…

Verdict: MALICIOUS

File type: Office (OLE) / .XLS

Size: 215.0 KB
Created: 2020-10-01 02:51:10
Authoring application: Microsoft Excel
MD5: 7df55bfb643872e29142586b961a4027
SHA-1: ab9798199c5ff11a84b4a4979683ba1fdd19efff
SHA-256: dcfcdb24177eb8146b450684e91eebab8045add1980820de1a66e2e68e35a01c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample contains an encrypted Excel 4.0 macro sheet, which is a strong indicator of malicious intent. The presence of an 'AUTOOPEN' macro further suggests that the macro code is intended to execute automatically when the document is opened. The document body is unreadable binary data, so it provides no further context on the specific lure or payload.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high; ID: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium; ID: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.