Malicious Office (OLE) / .VXE — malware analysis report

Static analysis result for SHA-256 135a0e54f2f4eb34…

MALICIOUS

Office (OLE) / .VXE

Size: 158.5 KB
Created: 2010-06-05 07:52:29
Authoring application: Microsoft Excel
MD5: e0d6062c803833a12417c7fb02971637
SHA-1: 82940ed048ec9737f7fc6a2f38519e64c280c549
SHA-256: 135a0e54f2f4eb346b2c658112df05a37f9199a61a0d8279c9662be960d52e2f
Risk Score: 68

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel document containing a legacy Excel Formula Macro Virus, specifically 'Poppy by VicodinES' and 'XF.Classic'. The embedded VBA macro, though small, is associated with this known type of threat. The document body contains strings related to financial data and payroll, likely serving as a lure to mask the malicious macro's presence.

Heuristics 2

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • VBA project contains no executable statements | low | OLE_VBA_MACROS
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (cea7cc7b09123b6d6a05a4461d1ff7067b9f91144e2036503ff00d7df2b6ae5d) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 606 bytes