Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 de70f31a43e2c2f0…

MALICIOUS

Office (OOXML)

Size: 7.4 KB
Created: 2017-11-04 20:08:06 UTC
Authoring application: Microsoft Excel 14.0300
First seen: 2021-01-23
MD5: a7ad47c10d019728d9f02f25684aa4de
SHA-1: d31a2086796dc6712b63915a0aebb506da40c9ff
SHA-256: de70f31a43e2c2f0b9be8ac78fa58ce4b86e2dd1228dce1b4346bf0ffc7f9321
Risk Score: 82

Heuristics 3

  • ClamAV: Ppt.Exploit.CVE_2017_0199-6336815-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Ppt.Exploit.CVE_2017_0199-6336815-3
  • External relationship medium OOXML_EXTERNAL_REL
    External target in xl/externalLinks/_rels/externalLink1.xml.rels: script:http://thankyoujesusforeverything.com/vistra/kreet.xml
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://thankyoujesusforeverything.com/vistra/kreet.xml OOXML external relationship