Malicious Office (OLE) / .AAA — malware analysis report

Static analysis result for SHA-256 1e94fb67a4336360…

MALICIOUS

Office (OLE) / .AAA

Size: 111.4 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: 276c35a0b699a6a6ae0a7aedbbdca24c
SHA-1: 51bb3cfcc24267dcbd2a56570d3362d605c0aca0
SHA-256: 1e94fb67a4336360959e1f03306b4937bdb51c24c0319d06f7a187bcace016cb
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The sample is an Excel OLE file exhibiting a significant slack anomaly and a GetPC stub, both indicative of malicious intent. While no specific document body content or scripts were extracted, these structural anomalies strongly suggest the file is a loader or exploit container. The confidence is moderate due to the lack of more specific indicators.

Heuristics (2)

  • x86 GetPC stub (CALL $+5; POP EDI) [severity: high, rule: SC_GETPC_CALL]
  • OLE document has large unaccounted-for region [severity: high, rule: OLE_SLACK_ANOMALY]
    OLE file is 114,058 bytes but its declared streams total only 24,565 bytes; the remaining 89,493 bytes (78%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).