Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 d42ae18c037cd8ce…

MALICIOUS

Office (OLE) / .XLS

Size: 17.5 KB
Created: 2010-09-10 17:31:30
Authoring application: Microsoft Excel
MD5: 4213c79e43a5e6d36de5358e1a0b4ef5
SHA-1: 9fc59c9081ae561e4a720ac2676410269b439177
SHA-256: d42ae18c037cd8ceb60dcfbd8c8f658d48d2cf54fada253a088bbcbee6dd1efc
Risk Score: 140

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

Static analysis revealed multiple high-severity heuristic firings including NOP sleds, egg-hunter shellcode, and heap-spray patterns. These indicators suggest the file is designed to execute shellcode, likely to download and run a secondary payload. The presence of these low-level shellcode indicators without further context points to a dropper or downloader functionality.

Heuristics (4)

  • NOP sled detected (severity: high, rule: SC_NOP_SLED)
    Found 20+ consecutive 0x90 bytes
  • Egg-hunter shellcode pattern (severity: high, rule: SC_EGG_HUNTER)
    Egg-hunter shellcode pattern
  • Heap-spray pattern detected (severity: high, rule: SC_HEAP_SPRAY)
    Repeated 0x41 (A) bytes found
  • NOP-equivalent sled detected (severity: medium, rule: SC_NOP_EQUIV_SLED)
    Long run of 0x41 bytes