Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 19ee9ffaccb523f0…

MALICIOUS

Office (OLE)

2.68 MB Created: 2004-03-09 02:28:28 Authoring application: Microsoft Excel
MD5: a7aaae3c9c15de00847611eb351d5c58 SHA-1: 2be702a68dd16f20b5e17324fbbab4d795326587 SHA-256: 19ee9ffaccb523f0aa6bcdd9bbd54545bc2520fc8ce1ea19eea2a112b5f8eadf
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES'. The document body contains numerous financial terms and document templates (invoices, loan requests, payment details) suggesting a financial scam or fraud. The presence of file paths related to Excel startup directories implies an attempt to achieve persistence or auto-execution upon opening Excel.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.