Office (OOXML) / .XLSX malware analysis — malicious · 263b3f3c5e91c8fe

MALICIOUS

Office (OOXML) / .XLSX

3.51 MB Created: 2025-10-08 01:54:00 UTC Authoring application: Microsoft Excel 12.0000

MD5: 085e2c75fd02e188ab9e7b542870288b SHA-1: bc1a757262290fa1a96503680a028a6df8e800f1 SHA-256: 263b3f3c5e91c8fe858803ceae4b268af40536487828cf980e8d6e4d793648c0

80 Risk Score

Heuristics 3

Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR

Embedded OLE object xl/embeddings/Qe.t5 contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Macro/content-enable lure medium SE_ENABLE_LURE

Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin` `88f3d67942f01731752c0b80a03c215f9addcbd4c679c410cad5b36b60b97c30`	ooxml-ole-object	OOXML embedded OLE part: xl/embeddings/Qe.t5	3047936 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.