Office (OLE) / .XLS malware analysis — malicious · d07d3d389f6e9251

MALICIOUS

Office (OLE) / .XLS

84.0 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel

MD5: 8781d5b673e640661cd6b1f8b6e7d9c1 SHA-1: 2ff81d8a09c87206e633d63053e4fd01623e0f05 SHA-256: d07d3d389f6e925129980bab296d4cabb7bbbecacdfa9a321366e0bf74cbbbeb

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059 Command and Scripting Interpreter

The file is an XLS document with a large slack space anomaly, indicating potential obfuscation or embedded malicious content. The heuristic firing 'SC_PEB_ACCESS' suggests the sample attempts to interact with the Process Environment Block, often used for anti-analysis or payload execution. The document body presents as a series of application forms, a common lure for social engineering attacks.

Heuristics 2

PEB access via FS segment (x86) high SC_PEB_ACCESS

PEB access via FS segment (x86)
OLE document has large unaccounted-for region high OLE_SLACK_ANOMALY

OLE file is 86,016 bytes but its declared streams total only 21,308 bytes — 64,708 bytes (75%) live in unallocated sector slack. This is the canonical hiding place for pre-macro-era Office exploit payloads (XOR-encoded shellcode reached via a parser pointer-corruption bug in the document structure).

Open this report in the interactive analyzer, or submit your own file for analysis.