Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 220f4a2349ad3d96…

MALICIOUS

Office (OLE) / .XLS

301.0 KB Created: 2008-11-18 04:48:11 Authoring application: Microsoft Excel
MD5: b11b03c32c029661630412b5c83060ed SHA-1: 0c033c0c79c7545c72b3cc98288e257f0728e982 SHA-256: 220f4a2349ad3d96dbc2c678ffe2777a04484ffbef8fb028d6e2ee962ec6c57e
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly indicates the presence of a legacy Excel formula macro virus, identified as 'Classic.Poppy by VicodinES' and 'XF.Classic'. The document body contains embedded strings and file paths related to this macro, including 'C:\Program Files\Microsoft Office\Office10\xlstart\Book1.xls' and 'Book1.xls', suggesting an attempt to infect or utilize this specific file for propagation. The mention of 'The Narkotic Network 1998' further contextualizes the origin of this classic macro virus.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.