Office (OLE) malware analysis — malicious · 21f80fb0d240cd60

MALICIOUS

Office (OLE)

135.5 KB Created: 2011-03-04 13:02:25 Authoring application: Microsoft Excel First seen: 2015-09-17

MD5: 465dac48d0e09273756e870e1e046e90 SHA-1: 4a0512912ad2fed0226617f739157e12b8b0698f SHA-256: 21f80fb0d240cd606aa5f75a32648b22baf972d3b2a0fe7d0120093c700816ef

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is identified as a malicious Excel 4.0 macro sheet due to critical heuristic firings indicating legacy Excel formula macro virus markers, including 'Poppy by VicodinES' and 'Narkotic Network'. The document body, while appearing to be a property demolition and compensation form, is likely a lure to disguise the malicious intent of the embedded XLM macro.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.