Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 076743a44ec1912b…

MALICIOUS

Office (OLE) / .XLS

Size: 1.03 MB
Created: 2007-04-07 02:27:09
Authoring application: Microsoft Excel
MD5: 236ee559219748d09acb827ab514fcb6
SHA-1: 148c891de31f2fcdcfe5ea0bf40efc702691ab8e
SHA-256: 076743a44ec1912bcc8ca36198074b8234a65234c90078918b611a220978b1b6
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel XLS document containing a legacy Excel formula macro, identified by the 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic. The macro is associated with the names 'XL4Poppy', 'Poppy by VicodinES', and 'Narkotic Network', suggesting a known malware family or variant. The document body contains financial and project-related text, which is likely a lure to disguise the malicious macro's execution.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.