Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 b25217f1a18a458c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 220.8 KB
Created: 2013-08-21 23:02:00 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2026-05-13
MD5: 67286a1a920fe0ed94fae5cea0ba497d
SHA-1: 00eb57098be03958fd324cc11437ddf7de9a81e4
SHA-256: b25217f1a18a458c73247bd15dcad39d88a2f0f4c1638494245ad065c30a2002
Risk Score: 68

Heuristics 3

  • MFA / one-time-code harvesting lure (high, SE_MFA_LURE)
    Document asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication
  • Embedded OLE object (medium, OOXML_OLE_OBJECT)
    Document contains an embedded OLE object
  • Fake invoice / payment lure (low, SE_INVOICE_LURE)
    Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
ooxml_oleobject_00.bin | ooxml-ole-object | OOXML embedded OLE part: xl/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx | 8886 bytes
    SHA-256: 1e20c6ccd549d20ea0ac6826382651c881fb14c89236084a60624d2423873bdc
emf_00.emf | ooxml-emf | OOXML EMF part: xl/media/image1.emf | 1438840 bytes
    SHA-256: 6c5649bab02ef9a1718ed6eb59b10f1d82335079162c36812292b43b5442cf0b