Office (OLE) / .XLS malware analysis — malicious · 1ea3d9b82c23425d

MALICIOUS

Office (OLE) / .XLS

302.0 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 0c1733b4add4e053ea58d6fb547c8759 SHA-1: a1436cc0d412f9a43ae7fefdd0b7815ff63b2fe8 SHA-256: 1ea3d9b82c23425d78864429de81f8575826efcdaf4df35429a35771fdc1a600

80 Risk Score

Malware Insights

The sample is an OLE Excel file with a significant amount of slack space, indicating potential obfuscation or embedded malicious content. The PEB access heuristic suggests attempts to manipulate process information, often a precursor to payload execution or evasion. Without a document body or scripts, the exact attack vector is unclear, but the heuristics point towards a malicious document designed to exploit vulnerabilities or download further stages.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 309,248 bytes but its declared streams total only 24,565 bytes — 284,683 bytes (92%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.