Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 17e3d667b8df22a8…

MALICIOUS

Office (OLE)

377.0 KB Created: 1996-10-14 23:33:28 Authoring application: Microsoft Excel First seen: 2015-10-04
MD5: dbd47afaedb1f9cd6312501de292e140 SHA-1: e9d8752c7c2b304ac9eb3012c6719cf220ade470 SHA-256: 17e3d667b8df22a82574f925314ef861e4124b264faaf52070de06fa93f5fb18
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'Poppy' by VicodinES and 'Narkotic Network'. The document body contains references to infecting new workbooks and saving them in the XLSTART directory, suggesting a mechanism for persistence and spread. The presence of formula macro virus markers and the file's structure strongly support its classification as a malicious macro-based threat.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.