-
This is an interesting one since "our" old implementation of is_encrypted claims that the embedded file is still encrypted (which it is not), but the msoffcrypto-is_encrypted gets it right.
-
These 4 files contain dde-links to calc.exe and are encrypted with excel's standard password.
-
These are encrypted with the standard password hard-coded into excel to implement a form of write protection
-
Samples were created by me using Office 2010 on a Windows 7 machine, password is "encrypted", contents is trivial (no links, macros, ...) Encryption should be the CryptoAPI RC4 Encryption (see [MS-OFFCRYPTO])