XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 226aecab810b96fd…

MALICIOUS

Office (OLE) / .XLS

2.14 MB
Created: 2010-01-29 09:52:33
Authoring application: Microsoft Excel
MD5: 1d4b8df853377092a321991997e55186
SHA-1: 2cbaf4827ba66ba02785de67862cebf9298e88aa
SHA-256: 226aecab810b96fd592e7b363478c4c14faefc6b2454645947e488cb11c67080
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic that fired identifies this file as an 'Excel Formula Macro Virus', with markers placing it in the 'XF.Classic' family, also known as 'Poppy by VicodinES' and associated with 'The Narkotic Network'. The document body confirms this: it contains strings such as 'An Excel Formula Macro Virus (XF.Classic)' and 'Classic.Poppy by VicodinES', along with instructions for infecting other workbooks and saving them as 'Book1.xls'. This indicates that the file's primary function is to spread by infecting other Excel files.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.