Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 05212251431c6a1b…

MALICIOUS

Office (OLE) / .XLS

Size: 1.51 MB | Created: 2004-04-08 15:18:15 | Authoring application: Microsoft Excel
MD5: a5f8c24ccd0779e62a5e59346694caff SHA-1: c7f524fcbbe580cb626aff09e72f55574e4fa4a1 SHA-256: 05212251431c6a1b7daa4968edc6e6eaa849eca428bffd6ee6031935b94b5929
80 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic

The critical heuristic fired on self-identifying legacy Excel formula (XLM) macro virus markers in the Workbook stream, among them the strings 'Poppy by VicodinES' and 'Narkotic Network'. Such markers are left behind by self-replicating formula macro viruses, not by any legitimate authoring workflow, and XLM macros can run arbitrary commands, including downloading and executing additional malware. The separately detected Excel 4.0 macro sheet sub-stream corroborates that the workbook carries executable macro content. The 2004 creation timestamp and the authoring application above come from the OLE summary metadata and should not be read as evidence of the sample's age or origin.

Heuristics (2)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    The Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    The Workbook stream contains an Excel 4.0 macro sheet sub-stream (a BOUNDSHEET entry with sheet type 0x01). XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022. Note that the heuristic identifier refers to Auto_Open while the finding only establishes that a macro sheet exists; before concluding that the macro runs on open, check the workbook's defined names for a built-in Auto_Open or Auto_Close entry and whether the macro sheet is flagged hidden or very hidden.
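
As an added, runnable illustration of the two heuristics above (this is example code written for this page, not code from the scanner that produced the report), the following Python walks a BIFF8 Workbook stream record by record, lists every BOUNDSHEET entry with its sheet type and visibility state, decodes defined-name (Lbl) records to find a built-in Auto_Open or Auto_Close, and greps the raw stream for the marker strings the report names. It assumes the Workbook stream has already been extracted from the OLE container (for a real file, `olefile.OleFileIO(path).openstream('Workbook').read()`), and it builds its own constructed sample stream rather than using the analysed file; the marker byte strings are taken from the strings quoted in this report, not from the scanner's actual signature set.

```python
import struct

# BIFF8 record ids handled here (MS-XLS)
REC_BOF = 0x0809
REC_EOF = 0x000A
REC_BOUNDSHEET = 0x0085   # BoundSheet8: one per sheet sub-stream
REC_LBL = 0x0018          # Lbl: defined name (Auto_Open is a built-in name here)

SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro_sheet", 0x02: "chart", 0x06: "vba_module"}
SHEET_STATES = {0: "visible", 1: "hidden", 2: "very_hidden"}
BUILTIN_NAMES = {0x01: "Auto_Open", 0x02: "Auto_Close"}

# Assumption: marker strings as quoted in the report; the scanner's real signatures are not on the page.
LEGACY_XF_MARKERS = [b"Poppy by VicodinES", b"Narkotic Network"]


def iter_records(stream):
    """Yield (record_id, payload) for each BIFF record; stop on a truncated tail."""
    off = 0
    while off + 4 <= len(stream):
        rid, length = struct.unpack_from("<HH", stream, off)
        payload = stream[off + 4: off + 4 + length]
        if len(payload) < length:
            break
        yield rid, payload
        off += 4 + length


def _unicode_string(data, off, cch):
    """Decode XLUnicodeStringNoCch: 1 flags byte, then cch chars (8-bit or UTF-16LE)."""
    flags = data[off]
    off += 1
    if flags & 0x01:
        return data[off: off + 2 * cch].decode("utf-16-le", "replace"), off + 2 * cch
    return data[off: off + cch].decode("latin-1"), off + cch


def parse_boundsheet(payload):
    """BoundSheet8: lbPlyPos(4) | hsState+dt(2) | cch(1) | name string."""
    stream_pos, grbit, cch = struct.unpack_from("<IHB", payload, 0)
    name, _ = _unicode_string(payload, 7, cch)
    return {
        "name": name,
        "stream_pos": stream_pos,
        "state": SHEET_STATES.get(grbit & 0x03, "unknown"),      # low 2 bits: hsState
        "type": SHEET_TYPES.get((grbit >> 8) & 0xFF, "unknown"),  # high byte: dt
    }


def parse_lbl(payload):
    """Lbl: grbit(2) chKey(1) cch(1) cce(2) reserved(2) itab(2) reserved(4) Name ..."""
    grbit, _chkey, cch, _cce, _res, itab = struct.unpack_from("<HBBHHH", payload, 0)
    name, _ = _unicode_string(payload, 14, cch)
    builtin = None
    if grbit & 0x20 and cch == 1:   # fBuiltin: the single char is the built-in name id
        builtin = BUILTIN_NAMES.get(ord(name[0]), "builtin_0x%02x" % ord(name[0]))
    return {
        "name": builtin or name,
        "builtin": builtin,
        "hidden": bool(grbit & 0x01),   # fHidden
        "scope_sheet": itab,            # 0 = workbook-global, else 1-based sheet index
    }


def scan_workbook_stream(stream):
    """Apply both report heuristics to a raw Workbook stream and return the findings."""
    sheets, names = [], []
    for rid, payload in iter_records(stream):
        if rid == REC_BOUNDSHEET:
            sheets.append(parse_boundsheet(payload))
        elif rid == REC_LBL:
            names.append(parse_lbl(payload))
    markers = [m.decode() for m in LEGACY_XF_MARKERS if m in stream]
    return {
        "sheets": sheets,
        "names": names,
        "markers": markers,
        "has_xlm_macro_sheet": any(s["type"] == "xlm_macro_sheet" for s in sheets),
        "has_auto_open": any(n["builtin"] == "Auto_Open" for n in names),
    }


# --- constructed sample stream (not the analysed file) ---
def _rec(rid, payload):
    return struct.pack("<HH", rid, len(payload)) + payload


def _boundsheet(name, sheet_type, state):
    raw = name.encode("latin-1")
    return _rec(REC_BOUNDSHEET, struct.pack("<IHB", 0, (sheet_type << 8) | state, len(raw)) + b"\x00" + raw)


def _builtin_lbl(builtin_id, itab):
    header = struct.pack("<HBBHHH", 0x0020, 0, 1, 0, 0, itab) + b"\x00" * 4   # fBuiltin, cch=1
    return _rec(REC_LBL, header + b"\x00" + bytes([builtin_id]))


def build_sample_stream():
    bof = _rec(REC_BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0, 0, 0, 0))   # BIFF8 workbook globals
    filler = _rec(0x00FC, b"Poppy by VicodinES / Narkotic Network")            # constructed text carrier
    return (bof
            + _boundsheet("Sheet1", 0x00, 0)
            + _boundsheet("Macro1", 0x01, 2)   # very hidden Excel 4.0 macro sheet
            + _builtin_lbl(0x01, 2)            # Auto_Open scoped to sheet 2 (Macro1)
            + filler
            + _rec(REC_EOF, b""))


if __name__ == "__main__":
    for key, value in scan_workbook_stream(build_sample_stream()).items():
        print(key, value)
```

On the constructed stream the scanner reports one very-hidden `xlm_macro_sheet`, an `Auto_Open` name scoped to that sheet, and both marker strings, which is the combination a triager wants to see before escalating: a macro sheet alone is the medium-severity finding, a macro sheet plus an Auto_Open name means the XLM code runs when the workbook is opened. For BIFF5 files the stream is named `Book` rather than `Workbook` and string records are 8-bit only, so `_unicode_string` would need a non-flagged variant there.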