Office (OOXML) / .XLSX malware analysis — malicious · 21d7b36421b05848

MALICIOUS

Office (OOXML) / .XLSX

2.80 MB Created: 2025-09-10 01:57:00 UTC Authoring application: Microsoft Excel 15.0300

MD5: 757ea6908dd12b6a300c485050eeed89 SHA-1: 8e691553db70a0c41330afa608ff9668cdf6dfd8 SHA-256: 21d7b36421b05848b4ffdf44e2e5b73ae7f6fe519e9afc958c9b06252f2625cc

100 Risk Score

Heuristics 3

Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR

Embedded OLE object xl/embeddings/PL.3H9jdRD contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
NOP sled detected high SC_NOP_SLED

Found 20+ consecutive 0x90 bytes
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin` `5175819c2c50c53e85aec1eb7596fedd68d7b43155cd9f7906a9930db59b9770`	ooxml-ole-object	OOXML embedded OLE part: xl/embeddings/PL.3H9jdRD	2857472 bytes
`ooxml_oleobject_00_ole10native_00.bin` `a58676ccec0905cb7f5e5f35cfef45e6c172b4c7970aa700a2d58d00103977f1`	ole-package	OOXML xl/embeddings/PL.3H9jdRD Ole10Native stream: OlE10natIVE	2832567 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.