Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 deb8ef69fdc1752a…

MALICIOUS

Office (OLE) / .XLS

File size: 276.0 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: 3c3fa20e1fc1e682c6f8af013fa3af21
SHA-1: 30674f725cc75cf0444561f5ac83fc5e995ec10c
SHA-256: deb8ef69fdc1752a8f9fd8d4024a8b656467815e4af5a10a1a870de6f6849333
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The OLE_XLM_AUTOOPEN heuristic suggests that macros are present and likely intended to execute automatically upon opening. The document body is heavily obfuscated and unreadable, providing no further context on the specific lure or payload. Due to the encryption and lack of readable content, the exact attack pattern and family cannot be definitively determined, but the presence of encrypted XLM macros strongly suggests malicious intent for payload delivery.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet [high] OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.