Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a3d6d98567725d27…

Verdict: MALICIOUS
File type: Office (OLE) / .XLS
Size: 16.0 KB
First seen: 2026-05-13
MD5: 711926c6d2a4626f098d3eb4cd4819a0
SHA-1: a37ddd00c1f493a71165f63260e67944421a0ab5
SHA-256: a3d6d98567725d271580e3264ce32e5f5298d9de52cbd5a0d69771087aa4e1a4
Risk score: 62

Heuristics (3)

  • Reference to LoadLibrary API (severity: high; ID: SC_STR_LOADLIBRARY)
  • CFB header with no readable streams (severity: medium; ID: OLE_PARSE_EMPTY_STREAMS)
    The file begins with a valid OLE2/CFB header but exposes no directory streams. A non-empty compound document with an unreadable directory is anomalous: it is seen with truncated/corrupt files and, more importantly, with content deliberately shifted off byte boundaries to defeat parsers while the host application still recovers the object.
  • Unsupported Office format for VBA extraction (severity: info; ID: OFFICE_FORMAT_UNSUPPORTED)
    The Analyzer could not extract VBA macros: the document may be legacy, encrypted or malformed.