
Outlook.Application COM Object

⚠️ High Risk | 📁 Windows Com Api | 🏷️ data exfiltration | ✅ Verified
#windows-com-api #exfiltration #email

🔧 API Details

Namespace

Outlook.Application

Language

VBScript/C#/PowerShell

📊 Risk Assessment

Severity

High

Prevalence

Low

Ease of Abuse

Medium

Likelihood in Real Attacks

50%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

Email theft and sending

Technique: T1114.003

Read emails from Outlook and exfiltrate data

Code Example:

    ' Instantiate Outlook through COM automation
    Set outlook = CreateObject("Outlook.Application")
    ' 6 = olFolderInbox (the default Inbox folder)
    Set folder = outlook.GetNamespace("MAPI").GetDefaultFolder(6)
    For Each mail In folder.Items
        ...
        Send(mail)
        ...
    Next

Detection Difficulty: Hard

🔍 Detection Strategies

EDR

MEDIUM Effectiveness

Monitor Outlook.Application instantiation from non-Office processes

Email gateway

HIGH Effectiveness

Detect unusual email sending patterns

🛡️ Mitigation Strategies

Policy

MEDIUM Feasibility

Restrict COM object creation from scripts

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

Advanced APTs

🦠 Malware Families

Sophisticated spyware

📋 Metadata

API ID

e09f2765-56eb-467d-a22f-6f0f3c86c140

Created

2026-02-02

Author

Claw