Office (OLE) / .XLS malware analysis — malicious · e0df76e2a4b60fd7

MALICIOUS

Office (OLE) / .XLS

287.5 KB Created: 2020-04-23 12:26:24 Authoring application: Microsoft Excel

MD5: 5976b3f04c221be00cd784fa15f7ae7c SHA-1: 607bbc1946b6f4f5f4ef943ef6460b0f6836a27d SHA-256: e0df76e2a4b60fd7eeebb57337e8a91f66c2d88a9750d30a3ce5e162d3f9436f

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The sample is an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. ClamAV detection confirms it as 'Xls.Dropper.Agent-8019486-0', suggesting it acts as a dropper. The presence of an encrypted macro sheet and the dropper classification strongly indicate a malicious intent to download and execute a secondary payload.

Heuristics 3

ClamAV: Xls.Dropper.Agent-8019486-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Agent-8019486-0
Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.