Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 1735a667d5caa352…

MALICIOUS

Office (OLE)

Size: 168.5 KB
Created: 2010-04-17 02:19:21
Authoring application: Microsoft Excel
MD5: 4a16cda39860dacf3d5133f31b28d5bb
SHA-1: 3b173d7393e596ac4df8ae1c56ae90133117e63c
SHA-256: 1735a667d5caa3528639ec3bb7b36c7633e68e46f3c3165c019498df80f34df7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing what appears to be financial data related to loans and payments. The heuristic firing 'OLE_XLS_FORMULA_MACRO_VIRUS' and the presence of strings like 'Classic.Poppy by VicodinES', 'Hydrocodone/APAP 10-650 For Your Computer', and 'The Narkotic Network 1998' suggest this is a legacy macro-based threat. The embedded strings indicate a potential financial lure or scam.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical, heuristic: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.