XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 2515edbf140bee13…

MALICIOUS

Office (OLE) / .XLS

Size: 30.5 KB
Created: 2005-12-16 01:15:32
Authoring application: Microsoft Excel
MD5: 11e8a1d3176036a4b77d29cefd74a76c
SHA-1: 75ec6ff4b4b3c5563531e628356a728983858e28
SHA-256: 2515edbf140bee130ef994dbf8574184558b030afcc4907530d23fe1fb6d0c80
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically naming 'XF.Classic' and 'Poppy by VicodinES'. The document body contains strings related to infection, such as 'Add New Workbook, Infect It, Save It As Book1.xls', indicating its malicious intent to spread and potentially execute further actions. The presence of 'Narkotic Network' suggests a possible origin or association.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.