Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 2e1733fcc0a91bd8…

MALICIOUS

Office (OOXML) / .XLSX

160.0 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 15.0300 First seen: 2026-05-20
MD5: 57ee8c218d39680323a3c2d7bd75d342 SHA-1: 08e0af6c21e8628b265258391a62b73917cb9159 SHA-256: 2e1733fcc0a91bd872b227e3eefa4088bbe25b3abf047a8c413960c99f3d7369
120 Risk Score

Heuristics 2

  • Excel 4.0 macro sheet (1 sheet(s)) critical 1 related finding OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks.
  • Excel 4.0 macro sheet stored under disguised package path critical OOXML_XLM_DISGUISED_RELATIONSHIP
    OOXML package declares an xlMacrosheet relationship whose target is outside the canonical xl/macrosheets/ path. Excel follows the relationship type, while path-only scanners can miss the macro execution surface.