Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 b9466db9f4186174…

MALICIOUS

Office (OOXML)

Size: 33.0 KB
Created: 2006-06-22 13:45:56 UTC
Authoring application: Microsoft Excel 15.0300
First seen: 2021-04-25
MD5: d54de70a3736c0499644859559ecc8fc
SHA-1: d9c7cd75e62a14b5b0f877b31113e13742af7e36
SHA-256: b9466db9f418617438dfd9c5c3f8761dcc51b07cda5ded71a7c5ebfdb7227ecb
Risk Score: 62

Heuristics (2)

  • Spreadsheet DDE link launches a dangerous command (severity: critical; rule: OOXML_SPREADSHEET_DDE_MALICIOUS)
    Excel workbook contains an externalLinks/ddeLink entry whose ddeService/ddeTopic launches a dangerous executable. This is SpreadsheetML DDE command execution, distinct from WordprocessingML DDE field instructions.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://tubercur.ru/site_dk.html (channel: in document text, OOXML body / shared strings)