Office (OLE) malware analysis — malicious · 13fb2288c97580a9

MALICIOUS

Office (OLE)

1.45 MB Created: 2007-03-02 04:25:58 Authoring application: Microsoft Excel

MD5: 51c196c6fdd7d5385fcc0e143835a0ce SHA-1: b8269756ecb59916140d12421cba91505877b275 SHA-256: 13fb2288c97580a963818d4f80d7485186d6b1f3fc179bfccbed8db911c3c2e3

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is an Excel document containing a feature list for a vehicle, which is a common lure for phishing attacks. The critical heuristic firing indicates the presence of a legacy Excel formula macro virus, suggesting the document is designed to execute malicious code when macros are enabled. The specific markers 'Poppy by VicodinES' and 'Narkotic Network' are associated with older macro malware.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.