Office (OOXML) / .XLSX malware analysis — malicious · ff1ca3cf65e3e161

MALICIOUS

Office (OOXML) / .XLSX

8.4 KB Created: 2026-06-06 20:30:02 UTC Authoring application: Microsoft Excel 15.0300 First seen: 2026-06-07

MD5: 4e49cca1f6ccbefcefee504c6566bee6 SHA-1: 5da919b91c20bfc2127322ca60063012d318f87a SHA-256: ff1ca3cf65e3e161206f4b8285be488c4eb5583c7d23c745eb6c10d037ad523c

62 Risk Score

Heuristics 2

Spreadsheet DDE link launches a dangerous command critical OOXML_SPREADSHEET_DDE_MALICIOUS

Excel workbook contains an externalLinks/ddeLink entry whose ddeService/ddeTopic launches a dangerous executable. This is SpreadsheetML DDE command execution, distinct from WordprocessingML DDE field instructions.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://192.168.1.114:8888/XXcommandos.txt In document text (OOXML body / shared strings)

Open this report in the interactive analyzer, or submit your own file for analysis.