Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 01dbba2ba9a92f13…

MALICIOUS

Office (OLE)

Size: 87.0 KB
Created: 2010-07-08 03:44:22
Authoring application: Microsoft Excel
First seen: 2015-02-05
MD5: 3141187c58dc3278a71fbad9c8ac2eed
SHA-1: 2319b87bcaa5308fedbac1c16627822c6cde3b5f
SHA-256: 01dbba2ba9a92f13f284d1f237281c2403f8b8d964f84ca15c33f8e466bf7e0b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates this is a legacy Excel formula macro virus, specifically identified as 'Classic.Poppy by VicodinES' and associated with 'The Narkotic Network 1998'. The document body contains strings related to infecting other workbooks and saving them as 'Book1.xls', suggesting a mechanism for propagation and potential payload delivery. The presence of VBA-related heuristics points to the use of Visual Basic for scripting.

Heuristics 1

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.