Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 26a084010638543a…

MALICIOUS

Office (OLE) / .XLS

Size: 57.5 KB
Created: 2010-05-28 06:16:31
Authoring application: Microsoft Excel
MD5: 788dfa137897ed308c969ff91cae0014
SHA-1: 1c89e3135a39d271ce61a01ee771f033376299b9
SHA-256: 26a084010638543ad7dbc37f40b580a717b779d6df3585c5e3252deec9c64aa7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates the presence of a legacy Excel macro virus, specifically identified as 'XF.Classic' and 'Poppy by VicodinES'. The document body contains text related to a fake list of attendees and expenses, which appears to be a lure. The script section explicitly mentions 'An Excel Formula Macro Virus (XF.Classic)' and 'Simple Payload', confirming its malicious nature. The virus likely infects the system upon opening the Excel file.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.