Malicious Office (OLE) / .XLK — malware analysis report

Static analysis result for SHA-256 17671af6ad57fa00…

MALICIOUS

Office (OLE) / .XLK

Size: 292.5 KB
Created: 2004-01-05 13:44:13
Authoring application: Microsoft Excel
MD5: ab7807d91596ff20a43678ff36450756
SHA-1: bbcba551813518772acc5a4a83f0142ec3aa24a4
SHA-256: 17671af6ad57fa006fc42411aa58d560a67630ad97756cea798cc7fb70c00672
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is identified as a legacy Excel formula macro virus, specifically 'Classic.Poppy' by VicodinES, also known as 'The Narkotic Network'. The document body suggests a payload that infects the user's Excel environment by saving itself as 'Book1.xls' in the Excel startup directory, indicating an attempt to establish persistence and spread.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] (OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.