Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 edbc4d1831d7f3e7…

MALICIOUS

Office (OLE)

Size: 4.35 MB
Created: 2008-07-14 06:18:03
Authoring application: Microsoft Excel
MD5: b49ef94c683dd1037e73f3a4cd7a4c40
SHA-1: affa34e39904a91ab280437b00f29e257be2e07a
SHA-256: edbc4d1831d7f3e7a7e48ef5072d93999e2b13e473cc393e172def084ff1582b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The file is identified as a malicious Excel document due to the presence of a legacy Excel formula macro virus marker. This specific marker, 'OLE_XLS_FORMULA_MACRO_VIRUS', suggests the file contains or is associated with older forms of macro-based malware. The extracted IOCs are names associated with this specific type of threat. The document body appears to be financial or operational data, which is likely a lure to disguise the malicious nature of the file.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.