$ analyze-threat Virus:X97M/Slacker.gen!E
Virus:X97M/Slacker.gen!E - Windows Defender threat signature analysis


$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Virus:X97M/Slacker.gen!E
Classification:
Detection Type: Unknown
Suffix: !E
Confidence: Medium
False-Positive Risk: Low
Summary:

This is a generic detection for an X97M macro virus, an older malware type that spreads via Microsoft Excel documents. The virus infects other workbooks by copying its own VBA macro code into them and achieves persistence by saving an infected file to the Excel startup folder.

Severity: Medium
VDM Static Detection:
Relevant strings associated with this threat:
 - If w2.Lines(1, 1) <> "'OOO" Then (MACROHSTR_EXT)
 - If UCase(Dir(Application.StartupPath + "\book1.")) <> "BOOK1" Then (MACROHSTR_EXT)
 - xlCM.InsertLines 1, w1.Lines(1, w1.CountOfLines) (MACROHSTR_EXT)
 - xlWB.SaveAs  (MACROHSTR_EXT)
 - ame:=Application.StartupPath + "\Book1.", FileFormat:=xlNormal, AddToMru:=False (MACROHSTR_EXT)
 - mFileName = "C:\TMP\" + oldname (MACROHSTR_EXT)
Known malware which is associated with this threat:
Filename: 202511 英国航空账单.xls
521ccb769a6053c2e2beb9c9deadf70f525b1be8ef30afe5e6d9cb2fca7fb7bb
18/11/2025
Remediation Steps:
Quarantine and remove the detected file. Check the Excel startup directory for suspicious files (e.g., 'Book1.') and delete them. Ensure Office Macro Security settings are configured to disable macros from untrusted sources.
=== END REPORT ===
This analysis was last updated on 18/11/2025.