I came across another intriguing file that utilizes, once again, steganography. It appears to be a recurring theme (refer to one of my earlier diaries[1]). The file in question is a harmful Excel spreadsheet named blcopy.xls. Office documents are uncommon these days due to Microsoft enhancing the guidelines to permit automatic macro execution[2]. However, this does not imply that Office files cannot run harmful code. In the sample I discovered (SHA256:c92c761a4c5c3f44e914d6654a678953d56d4d3a2329433afe1710b59c9acd3a), there are additional embedded XLS sheets: