Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 afd10268d9ea5770…

MALICIOUS

Office (OLE) / .XLS

Size: 129.0 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: 2e7b2bc8c96244f83aa7ed75cc59502d
SHA-1: 522e594df349cc5ca69c2c848e4d5c70c00fc467
SHA-256: afd10268d9ea5770042c0be7c66c855bfcaca31d48289b3806ff51db617b4832
Risk Score: 80

Malware Insights

The sample is a malicious Excel file exhibiting an OLE slack anomaly and a GetPC stub, indicative of potential code execution. While no specific payload delivery mechanism is evident from the limited heuristics, these indicators suggest the file is designed to exploit vulnerabilities or execute arbitrary code. No scripts were extracted from this sample.

Heuristics (2)

  • x86 GetPC stub (CALL $+5; POP EDI) high SC_GETPC_CALL
    CALL $+5 pushes the address of the instruction that follows it and POP EDI loads that address into a register; this is the classic way position-independent shellcode learns where it was loaded, so its presence in a document stream points to embedded native code rather than ordinary spreadsheet data.
  • OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY
    OLE file is 132,058 bytes but its declared streams total only 24,565 bytes — 107,493 bytes (81%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).