Office (OLE) / .XLS malware analysis — malicious · 9b5896a52f485531

MALICIOUS

Office (OLE) / .XLS

60.9 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 34748bcddb3959243b7f72f841b827ef SHA-1: d7ddbd8f9076e87e5fd38b3d4989316174275cc0 SHA-256: 9b5896a52f48553112521e4a276e70eb00519a185e995b97dc1a73f1f8d2ee7d

80 Risk Score

Malware Insights

The sample is a malicious Excel spreadsheet identified by a high-severity OLE slack anomaly and a GetPC stub heuristic. These indicators suggest the presence of embedded malicious code, likely within VBA macros, although no specific script content was extracted. The file's age and lack of specific exploit indicators make precise family attribution difficult.

Heuristics 2

x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALL

x86 GetPC stub (CALL $+5; POP EDI)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 62,346 bytes but its declared streams total only 24,565 bytes — 37,781 bytes (61%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.