Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 03d0323d4085c0a0…

MALICIOUS

Office (OLE) / .XLS

423.0 KB | Created: 2010-03-18 09:10:35 | Authoring application: Microsoft Excel
MD5: 0114357b198ab15c269f92007ed525c7
SHA-1: e319322b2eb1f35b156b98e0496353d16d3073df
SHA-256: 03d0323d4085c0a0f960df8582c7c1d97d70efb14c5b3665c49599068566c10e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Excel formula macro virus; it specifically references 'Classic.Poppy by VicodinES' and 'The Narkotic Network'. The heuristics indicate it is designed to infect other workbooks and potentially execute a payload, as suggested by the 'Simple Payload' and infection routines described in the document body. The presence of VBA macro markers and the nature of formula macros point to the T1059.005 (Visual Basic) technique.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.