Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1c16ffe6b844d7c2…

MALICIOUS

Office (OLE) / .XLS

416.0 KB
Created: 2010-04-30 23:23:17
Authoring application: Microsoft Excel
MD5: d9ecd6272fef317ad8ad688566a8901a
SHA-1: fb5a292c5b114d531f25a56b766415e90243ac09
SHA-256: 1c16ffe6b844d7c21476fdf00238f26cffe3fe9610c6846ac540607717ec63c4
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 97-2003 Workbook (XLS) containing a legacy Excel formula macro virus. The heuristic that fired explicitly names 'XF.Classic' and mentions 'Poppy by VicodinES' and 'The Narkotic Network 1998', indicating a known type of macro-based threat. The embedded text confirms the presence of these markers and suggests that the macro's purpose is to infect other workbooks, specifically by saving infected copies as 'Book1.xls'.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.