Office (OLE) / .XLS malware analysis — malicious · 1303d11f16f9fc0b

MALICIOUS

Office (OLE) / .XLS

471.5 KB Created: 2007-06-06 01:38:16 Authoring application: Microsoft Excel

MD5: d5866c0ec0865e9e7499c6264a846e72 SHA-1: 8e32a45d365b60640234e99c5c6530ebee4790d0 SHA-256: 1303d11f16f9fc0b9f056966be565394fcdb20c39365f6225e4967f7bf9d22e0

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is an Excel XLS document containing a legacy Excel formula macro virus marker, identified as 'Poppy by VicodinES' and 'XF.Classic'. The document body is formatted as a packing list, a common lure for phishing attacks. The presence of VBA-related markers and the document's content suggest an attempt to execute malicious macros, likely for payload delivery.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.