Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 0218cdddcea20205…

MALICIOUS

Office (OLE)

115.0 KB Created: 2008-05-07 03:14:08 Authoring application: Microsoft Excel
MD5: d6ea64cd4330ac08224cf2af1c0dda45 SHA-1: fc5bcabbb096189ac60e083827eae5bc3d3c716e SHA-256: 0218cdddcea202058e5db86640a2cb607997e1a07c0a81d61750aaf23ed10698
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this Excel file contains a legacy formula macro virus, specifically identified as 'Poppy' and 'XF.Classic'. The document body contains strings related to infection and payload delivery, such as 'Add New Workbook, Infect It, Save It As Book1.xls' and 'Infect Workbook', suggesting the macro's purpose is to spread to other Excel files, potentially via the 'Book1.xls' file in the XLSTART directory.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.