Office (OLE) / .XLS malware analysis — malicious · 430b80058a14f3b6

MALICIOUS

Office (OLE) / .XLS

70.9 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 725212ab46287e136ab3a92785795c16 SHA-1: 25d50a36b93c71bbf0257973a37e9dca78dd1791 SHA-256: 430b80058a14f3b6d8c61980445ad8ac36a97dbbfcc40d4b8ccb4b733e920282

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059 Command and Scripting Interpreter

The file is an OLE Excel spreadsheet with a significant amount of slack space, indicating potential obfuscation or embedded malicious content. The 'x86 GetPC stub' heuristic suggests the presence of executable code, likely a macro, designed to be run. While no specific payload or delivery mechanism is evident from the provided data, the combination of these factors strongly suggests a malicious intent, possibly for initial access or payload delivery.

Heuristics 2

x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALL

x86 GetPC stub (CALL $+5; POP EDI)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 72,628 bytes but its declared streams total only 24,565 bytes — 48,063 bytes (66%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.