MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
The file is identified as malicious due to a critical heuristic firing for CVE-2009-3129, an Excel FEATHEADER record overflow vulnerability. This indicates the file is designed to exploit this specific flaw to achieve code execution. References to LoadLibrary and GetProcAddress APIs further support the likelihood of arbitrary code execution.
Heuristics (3)
- CVE-2009-3129 — Excel FEATHEADER record overflow [critical, CVE, exact, CVE_2009_3129]
  Workbook BIFF stream contains a FEATHEADER (Feature Header) record with anomalous size (record_size=23, isf=2, cbHdrData=4294967295). Legitimate FEATHEADER records are tiny (<100 bytes) and carry cbHdrData values that fit in the record body; the value here is the documented CVE-2009-3129 exploit primitive — cbHdrData drives a memcpy with attacker-controlled size, leading to memory corruption and code execution in Excel 2007/2003.
- Reference to LoadLibrary API [high, SC_STR_LOADLIBRARY]
- Reference to GetProcAddress API [high, SC_STR_GETPROCADDRESS]