MALICIOUS
140
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The sample is an Office document that is password-encrypted and malformed, indicating an attempt to hinder analysis. The combination of 'OFFICE_ENCRYPTED_PACKAGE' and 'OLE_ENCRYPTED_AND_MALFORMED' heuristics suggests a deliberate obfuscation technique. Without further script or body content, the exact payload and delivery mechanism remain unclear, leading to an 'unknown family' classification.
Heuristics 4
-
Encrypted Office package with CFB FAT corruption critical OLE_ENCRYPTED_AND_MALFORMEDEncrypted-package shape co-occurs with FAT-chain corruption — the documented combined evasion form.
-
Encrypted Office package with non-block-aligned cipher high OFFICE_ENCRYPTED_PACKAGE_MALFORMEDEncryptedPackage cipher body is 322,040 bytes — not a multiple of the 16-byte AES block size.
-
Office document is password-encrypted medium OFFICE_ENCRYPTED_PACKAGEOLE container holds MS-OFFCRYPTO encrypted package (Standard Encryption (Office 2007+, AES-128)).
-
Office OOXML encrypted with default VelvetSweatshop password medium OFFICE_DEFAULT_PASSWORD_ENCRYPTED_OOXMLOLE EncryptedPackage decrypts with Excel's built-in VelvetSweatshop password. Office opens this transparently, and malware uses it to hide OOXML exploit parts from scanners that only inspect the outer OLE container.
Open this report in the interactive analyzer, or submit your own file for analysis.