Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1ab55f065ce7c0df…

MALICIOUS

Office (OLE) / .XLS

Size: 72.0 KB
Created: 2003-05-06 03:32:33
Authoring application: Microsoft Excel
MD5: d96b448fdc786717a2284ef0d9da7bc2
SHA-1: 4ea36a4b95b0592027b5e34fa76a1258da2b1689
SHA-256: 1ab55f065ce7c0df8b20e567ed76bc12ae7a1c849197fdcff5d2a8ff0689b14d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this XLS file is a known legacy Excel formula macro virus, specifically identified as 'XF.Classic' and associated with 'Poppy by VicodinES' and 'The Narkotic Network'. The document body contains embedded strings and paths related to its infection mechanism, including saving infected files as 'Book1.xls' in startup directories. The virus appears to be designed to infect other workbooks and potentially deliver a payload, as suggested by the 'Simple Payload' and 'Set Our Values and Paths' sections.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.