Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 63538bf46f9702ef…

MALICIOUS

Office (OOXML)

9.0 KB Created: 2015-06-05 18:19:34 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2020-11-05
MD5: fd938eb2c06bc9559cf59d1ad7677e7b SHA-1: fa99ae3cedbfa33b25280004aba2bd071a20275b SHA-256: 63538bf46f9702ef15fb345fc7ffe84bb7fec4b676b71046363486c6a988117b
60 Risk Score

Heuristics 1

  • Spreadsheet DDE link launches a dangerous command critical OOXML_SPREADSHEET_DDE_MALICIOUS
    Excel workbook contains an externalLinks/ddeLink entry whose ddeService/ddeTopic launches a dangerous executable. This is SpreadsheetML DDE command execution, distinct from WordprocessingML DDE field instructions.