Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 4f64451c2511e278…

MALICIOUS

Office (OOXML) / .XLSX

10.6 KB Created: 2024-11-06 03:57:13 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2026-05-13
MD5: 6cd7530db4951294e7fe28719f306ef9 SHA-1: dbac02b5384c340135f397fd80379702cee0ef88 SHA-256: 4f64451c2511e27839dfb9107563bd00b9d56c109aff4f9d9c25479a103ff7e6
68 Risk Score

Heuristics 2

  • Spreadsheet DDE link launches a dangerous command critical OOXML_SPREADSHEET_DDE_MALICIOUS
    Excel workbook contains an externalLinks/ddeLink entry whose ddeService/ddeTopic launches a dangerous executable. This is SpreadsheetML DDE command execution, distinct from WordprocessingML DDE field instructions.
  • External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS
    Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: mailto:X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*