Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1d9f86abb1b45a78…

MALICIOUS

Office (OLE) / .XLS

Size: 3.07 MB
Created: 2009-10-09 07:25:05
Authoring application: Microsoft Excel
MD5: 9ca926e402d55ed3a03ea59dce27d3b6
SHA-1: 8885c11bdfe9b2280c180ec227680442aef4d9d6
SHA-256: 1d9f86abb1b45a7857bd33f20bd1507ec08bc6c048e9e70d02e6aa2dc4d6381a
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as malicious due to the presence of legacy Excel 4.0 macros, specifically flagged as an 'Excel Formula Macro Virus' and associated with 'Classic.Poppy by VicodinES' and 'The Narkotic Network 1998'. The macro sheet marker and virus marker indicate that this file is designed to execute code, likely for infection or payload delivery. The document body, while appearing to be a staff list, contains embedded references to these macro names, which further supports the malicious classification.

Heuristics (2)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.