Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 27eba2d510f37ee3…

MALICIOUS

Office (OLE) / .XLS

Size: 181.9 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: e0eb8015b876530c48f097a7c0b5ff0a
SHA-1: 50d261695a639577a7ad403ef2f9df9989930c00
SHA-256: 27eba2d510f37ee3193cf0b4cc5e94a0ca1207aaef55ff0f964ec7a1477bfffe
Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1204 Malicious File
  • T1204.002 Malicious File: Malicious Attachment

The file is an OLE Excel spreadsheet with a large slack space anomaly, indicating potential obfuscation or embedded malicious content. A high-severity heuristic firing for PEB access suggests an attempt to evade detection or exploit a vulnerability. While no specific document body content or scripts were extracted, the combination of these factors strongly suggests a malicious intent, likely involving exploitation of the Excel application itself to download and execute a secondary payload.

Heuristics (2)

  • PEB access via FS segment (x86) [severity: high, rule: SC_PEB_ACCESS]
  • OLE document has large unaccounted-for region [severity: high, rule: OLE_SLACK_ANOMALY]
    The OLE file is 186,310 bytes, but its declared streams total only 21,308 bytes; the remaining 165,002 bytes (89%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).