Office (OLE) / .XLS malware analysis — malicious · 3d746f717796799f

MALICIOUS

Office (OLE) / .XLS

84.0 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 9cebdcecde55d712d774b77677850a1e SHA-1: c87d3006799023c7c66df0880a2d0143440f530c SHA-256: 3d746f717796799f8199154a093866a21680de61524f512f7af001590545579a

80 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The file is an XLS spreadsheet with a significant amount of slack space, indicating potential for embedded malicious content or exploit code. The PEB access heuristic suggests an attempt to interact with the process environment, likely to facilitate an exploit. While no specific exploit or payload is directly identified, the combination of these factors points to a malicious document designed to leverage an unknown vulnerability.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 86,016 bytes but its declared streams total only 21,308 bytes — 64,708 bytes (75%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.