Office (OLE) malware analysis — malicious · eb747c2fe3b025b4

MALICIOUS

Office (OLE)

302.0 KB Created: 2020-07-15 07:56:55 Authoring application: Microsoft Excel

MD5: a881f97d1205ecbb875b2ab00bc966ed SHA-1: a90e41b0ddd2574bbf04bbeadf7dbc1ae407a421 SHA-256: eb747c2fe3b025b474a235947bb98244a27d2d9fa7c29a3e4d155c9d8b80df61

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.005 Visual Basic

The file is identified as an encrypted Excel 4.0 macro sheet, which is a known technique for delivering malware. The ClamAV detection name 'Xls.Dropper.Agent-8885857-0' strongly suggests its function as a dropper. While no specific scripts or document body content were clearly extracted, the heuristic firings and the ClamAV signature indicate a malicious dropper functionality.

Heuristics 3

ClamAV: Xls.Dropper.Agent-8885857-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Agent-8885857-0
Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.