Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1b877a2cf3171777…

MALICIOUS

Office (OLE) / .XLS

Size: 150.0 KB
Created: 2004-08-17 07:23:32
Authoring application: Microsoft Excel
MD5: 795f1c641345875d7bb6753ca0e32792
SHA-1: 414833506670893a20959c9c86cf0bf3bdf1d284
SHA-256: 1b877a2cf3171777cb2313376a49bdfa23dde4d7dc74e049fa183923bdc25230
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as an Excel Formula Macro Virus, specifically mentioning 'XF.Classic' and 'Poppy by VicodinES'. The document body contains strings related to infection, such as 'Add New Workbook, Infect It, Save It As Book1.xls' and 'Infect Workbook', indicating its malicious intent. It also references specific file paths and names related to its operation.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.