Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 0535267dfdaabf39…

MALICIOUS

Office (OLE) / .XLS

File size: 153.0 KB
Created: 2004-08-17 07:23:32
Authoring application: Microsoft Excel
MD5: 247041af44384379bdb089ab6459c1f2
SHA-1: dbba34913a103f962d53c37961272cd5a66c361e
SHA-256: 0535267dfdaabf39518e57922f0d994fcbd7636a312344eb5db355df5c2e000b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel XLS file identified as a legacy Excel formula macro virus. The heuristic that fired and the embedded text indicate it is a variant of 'Poppy' by VicodinES, designed to infect other workbooks and potentially execute arbitrary code. The document body contains references to 'Classic.Poppy' and 'Book1.xls', suggesting it attempts to infect or masquerade as a legitimate Excel file.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.