Xls.Downloader.94c25b356b5a6cac-9978798-0 — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2ab9cef4eb1f17fe…

MALICIOUS

Office (OOXML) / .XLSX

Size: 173.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2023-08-20
MD5: 0a6acbce22b3e7ce593b4f7755261b0a
SHA-1: 4efd3ef7264c44b0b2d61513209390ed0d31a7a8
SHA-256: 2ab9cef4eb1f17fea1400f0f07bb1b6cdb20fd815d9b82fccf613fd451932802
80 Risk Score

Malware Insights

Xls.Downloader.94c25b356b5a6cac-9978798-0 · confidence 95%

MITRE ATT&CK
T1559 Component Object Model Hijacking
T1559.001 Component Object Model Hijacking: Component Object Model Hijacking

The critical ClamAV heuristic identified the file as 'Xls.Downloader.94c25b356b5a6cac-9978798-0', indicating its function as a downloader. The presence of an embedded OLE object further supports this, as such objects are frequently used to host and execute malicious code. The file's SHA256 hash is provided as a primary indicator.

Heuristics 2

  • ClamAV: Xls.Downloader.94c25b356b5a6cac-9978798-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Downloader.94c25b356b5a6cac-9978798-0
  • Embedded OLE object (medium, OOXML_OLE_OBJECT)
    Document contains an embedded OLE object

Extracted artifacts 3

Files carved from inside the sample during analysis.

  • Filename: ooxml_oleobject_00.bin
    b84b88bd720a977c0ca6bc0f4370613477163537e2cde8c6b663e35def093106
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx
    Size: 7880 bytes
  • Filename: emf_00.emf
    17918de803c9609ab1d8bf011fc75835e43ff490299d7d67eab7f550e1fc0968
    Kind: ooxml-emf
    Source: OOXML EMF part: xl/media/image4.emf
    Size: 321644 bytes
  • Filename: emf_01.emf
    1ab8f5abd845ffd0c61a61bb09bfcf20569b80b4496bccb58c623753cf40485c
    Kind: ooxml-emf
    Source: OOXML EMF part: xl/media/image3.emf
    Size: 4056 bytes