.. /.Xll

Executable
Phishing
Native
Double Click

Author:

Xavier Mertens - @xme

Description:

XLL or Excel Add-In are DLLs (PE files) that are loaded into Excel to add powerful features. Once loaded the DLL code will be executed and may content malicious actions.

OS:

Windows

Recommendation:

Break the link between the file extension and Excel in the registry (ex: open the file with Notepad instead)

Resources:

https://isc.sans.edu/forums/diary/Downloader+Disguised+as+Excel+AddIn+XLL/28052/

File Samples:

https://bazaar.abuse.ch/sample/f00154ced8148e4866340673268f47b9b41b53925410e6e45ba75140652dfcaf/

Contributions: