Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 0351733940da11b3…

MALICIOUS

Office (OLE) / .XLS

Size: 2.02 MB
Created: 2005-06-29 00:07:25
Authoring application: Microsoft Excel
MD5: d352fd59cb543a78714d0b85d4c8d864
SHA-1: 1bfaa8968fdeafa8a6fa601b5c41599bc5908291
SHA-256: 0351733940da11b36a6555eabfca859e8728f310b232df2acdd59e39dc84790b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a legacy Excel formula macro virus, specifically 'Poppy by VicodinES' and 'The Narkotic Network'. The document body contains text that appears to be a timesheet or work log, likely intended to trick the user into opening and interacting with the malicious content. The presence of VBA/macro-related heuristics and the embedded text strongly suggest an attempt to execute malicious code via Excel formulas.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.