Office (OLE) / .XLS malware analysis — malicious · 842f47d2ef6dce27

MALICIOUS

Office (OLE) / .XLS

181.9 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 79b28c2955e012157ff06a0d63d0e905 SHA-1: 0b72796e3bc7b7c87cb6efdbb8a0fe60edae8a24 SHA-256: 842f47d2ef6dce276974493efb0e792f7a0558348af3b629cc555d18c6429a84

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059 Command and Scripting Interpreter

The sample is an OLE document with a large slack space anomaly, indicating potential obfuscation or embedded malicious content. The document body contains text that appears to be application forms for visiting relatives or property, suggesting a social engineering lure. The PEB access heuristic indicates potential anti-analysis or evasion techniques. While no specific malicious script or URL was extracted, the combination of heuristics and the nature of the document content points towards a phishing or information-gathering attack.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 186,310 bytes but its declared streams total only 8,192 bytes — 178,118 bytes (96%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.