Office (OLE) / .XLS malware analysis — malicious · 54c3e76f3f9a9db1

MALICIOUS

Office (OLE) / .XLS

1.06 MB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 8de6b6422a7b8008bd33e2b95d825f7e SHA-1: 08dc4cf61a31c824b057f3a1cd5243164047c44d SHA-256: 54c3e76f3f9a9db15280f68e16a3d4480fae1513e5fe516e8242df9cc9d07a32

80 Risk Score

Malware Insights

The OLE document exhibits a significant slack space anomaly, with over 98% of the file being unaccounted for, suggesting the presence of hidden malicious code. Additionally, a PEB access heuristic was triggered, indicating potential anti-analysis or evasion techniques. No specific family could be identified, and no document body or scripts were available for further analysis.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 1,116,160 bytes but its declared streams total only 24,565 bytes — 1,091,595 bytes (98%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.