Verdict: MALICIOUS (Risk Score: 140)
Malware Insights
The sample is an Office document that is both password-encrypted and malformed, indicating an attempt to hinder analysis. The critical OLE_ENCRYPTED_AND_MALFORMED heuristic firing suggests structural corruption within the encrypted package. While no document body or scripts were extractable due to encryption, the combination of encryption and malformation points to a malicious intent, likely to evade detection or obfuscate a secondary payload.
Heuristics (4)
- [critical] OLE_ENCRYPTED_AND_MALFORMED: Encrypted Office package with CFB FAT corruption. Encrypted-package shape co-occurs with FAT-chain corruption — the documented combined evasion form.
- [high] OFFICE_ENCRYPTED_PACKAGE_MALFORMED: Encrypted Office package with non-block-aligned cipher. The EncryptedPackage cipher body is 322,040 bytes — not a multiple of the 16-byte AES block size.
- [medium] OFFICE_ENCRYPTED_PACKAGE: Office document is password-encrypted. The OLE container holds an MS-OFFCRYPTO encrypted package (Standard Encryption, Office 2007+, AES-128).
- [medium] OFFICE_DEFAULT_PASSWORD_ENCRYPTED_OOXML: Office OOXML encrypted with the default VelvetSweatshop password. The OLE EncryptedPackage decrypts with Excel's built-in VelvetSweatshop password. Office opens this transparently, and malware uses it to hide OOXML exploit parts from scanners that only inspect the outer OLE container.