Office (OLE) malware analysis — malicious · 13a82d47965a6b96

MALICIOUS

Office (OLE)

314.5 KB Created: 2007-10-18 10:45:56 Authoring application: Microsoft Excel First seen: 2015-09-18

MD5: 387f6ef9403bea17d6853bc32b06e6c9 SHA-1: a50246e20e6847764aec9289276ba6f8897d5786 SHA-256: 13a82d47965a6b96b61bbca466f16212e58d932f4139ee78a0363e8a89f8b69e

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The critical heuristic firing indicates the presence of a legacy Excel Formula Macro Virus, specifically mentioning 'Poppy by VicodinES' and 'The Narkotic Network'. The presence of XLM macros suggests an attempt to execute arbitrary code, likely for downloading additional malware. The document body contains what appears to be legitimate academic content, but the macro execution is the primary indicator of malicious intent.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.