Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 fb66a2b7097b6b1c…

MALICIOUS

Office (OLE) / .XLS

Size: 216.5 KB
Created: 2020-09-23 01:01:35
Authoring application: Microsoft Excel
MD5: f1504970feab36895825ab7012948d70
SHA-1: 827a237e69c10be02c4f364ec4667576c1688ec3
SHA-256: fb66a2b7097b6b1c2283f2bf5d3a7855fa426561ec500b878cfb8c78ebc28684
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel 4.0 macro sheet identified as encrypted. The presence of an 'AUTOOPEN' heuristic indicates that macros are likely configured to run automatically when the document is opened. The encrypted nature of the macro sheet prevents further static analysis of its specific actions, but the overall pattern points to a malicious macro-based document.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet [high] OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.