Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1bbfe16a4f77a720…

MALICIOUS

Office (OLE) / .XLS

2.52 MB Created: 2009-12-31 03:06:32 Authoring application: Microsoft Excel
MD5: b2ce598c66cbcbd1c252d632ad292e71 SHA-1: 60e628574355c2214d4c5a2b3e42370a8bda9d77 SHA-256: 1bbfe16a4f77a72060e74fda256ee3cb366c18017a21e53afe7bdc6e734c5194
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a legacy Excel formula macro virus (XF.Classic) by a critical heuristic. The document body contains references to 'Classic.Poppy by VicodinES' and 'The Narkotic Network 1998', further indicating its nature as a macro-based threat. The embedded URL, while confirmed benign, is listed as an IOC. The primary attack pattern involves the infection of other Excel workbooks.

Heuristics 2

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://pprpipe.wordpress.com/2009/03/11/b%E1%BA%A3ng-gia-pvc-binh-minh-ms011108/

Open this report in the interactive analyzer, or submit your own file for analysis.