Office (OLE) / .XLS malware analysis — malicious · 1910198040fc776d

MALICIOUS

Office (OLE) / .XLS

623.0 KB Created: 2010-08-04 06:13:35 Authoring application: Microsoft Excel

MD5: 4ad61ead71d4803daa6881c810eb69ea SHA-1: b078dd9e0acd59331334becd07f543542e557fb3 SHA-256: 1910198040fc776de3b601e2ea1b5c182c3b84274290bd165950c1694feb26aa

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file containing legacy Excel 4.0 macros, identified by critical heuristic firings for 'Excel Formula Macro Virus' and 'Poppy by VicodinES'. The macros appear to be designed to infect other workbooks and potentially deliver a payload, as suggested by the 'Simple Payload' and 'Infect Workbook' comments within the extracted macro content. The presence of specific markers and names like 'Classic.Poppy' and 'The Narkotic Network' strongly indicates a known macro virus.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.