Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 0447a2a0cc447271…

MALICIOUS

Office (OLE) / .XLS

Size: 341.5 KB
Created: 2006-07-05 00:37:16
Authoring application: Microsoft Excel
MD5: 193e42ae91cac4fca36ff5c97e78d054
SHA-1: 8ad6f74b4a1186514cfb2543ce6353fb171f4eab
SHA-256: 0447a2a0cc447271ac4c16f09aaae6b9750c05886b419e0b80df8ed4f5d2ba1e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'Classic.Poppy by VicodinES'. The document body contains text that appears to be a fake payment reconciliation, likely intended to distract or mislead the user while the macro operates. The macro's purpose is to infect other workbooks and potentially establish persistence.

Heuristics (1)

  • Legacy Excel formula macro virus marker (critical): OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.