MALICIOUS
80
Risk Score
Malware Insights
MITRE ATT&CK
T1059 Command and Scripting Interpreter
The sample is a malicious Excel OLE document. The presence of a 'x86 GetPC stub' heuristic firing suggests the potential for code execution or obfuscation within the document's structure. The large 'slack' space in the OLE document is also anomalous and can be used to hide malicious content. Without further script or body content, the exact attack vector is unclear, but it is likely designed to exploit a vulnerability or deliver a secondary payload.
Heuristics 2
-
x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALLx86 GetPC stub (CALL $+5; POP EDI)
-
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALYOLE file is 54,154 bytes but its declared streams total only 24,565 bytes — 29,589 bytes (55%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).
Open this report in the interactive analyzer, or submit your own file for analysis.