Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1d0ee884750e9494…

MALICIOUS

Office (OLE) / .XLS

614.0 KB Created: 2002-01-18 02:38:26 Authoring application: Microsoft Excel
MD5: 08bb174b114196a6e13e29e7052a1dc8 SHA-1: 0f0e5543d75d713bb76db7d9a663a22bfc6438c3 SHA-256: 1d0ee884750e949432a945ae39ceb4b3415e86b6ed4467719cf267167217a9f2
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The file is an Excel spreadsheet containing explicit markers for a legacy Excel formula macro virus, identified as 'Classic.Poppy by VicodinES' and 'XF.Classic'. The document body also contains strings like 'Add New Workbook, Infect It, Save It As Book1.xls' and 'Infect Workbook', strongly suggesting the macro's purpose is to infect other Excel files. The presence of these markers and instructional strings leads to a high confidence assessment.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.