Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 10eb5d011c53ac4e…

MALICIOUS

Office (OLE)

Size: 819.0 KB
Created: 2001-12-19 09:01:58
Authoring application: Microsoft Excel
First seen: 2015-10-01

MD5: 8f28abfa441354e792e0abbc4a3bbad0
SHA-1: e95cb796114a4b5c55546e9aaceafffa5cda0edc
SHA-256: 10eb5d011c53ac4e0ec19e81a43b4d5bcc1da17aa9342b7e37ee8101c6c514f4

Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates this is a legacy Excel formula macro virus; the markers it matched specifically mention 'Classic.Poppy by VicodinES' and 'The Narkotic Network 1998'. The document body confirms this by referencing these names and the potential for infection via 'xlstart\Book1.xls', suggesting an attempt to execute malicious code through Excel's macro capabilities.

Heuristics 1

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.