Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 278ac2e297c62a8b…

MALICIOUS

Office (OLE)

Size: 79.0 KB
Created: 2012-07-27 04:35:46
Authoring application: Microsoft Excel
First seen: 2015-09-24
MD5: 47dbbe267fd6f234318280cc8abb5000
SHA-1: be57794326225191fe7827e1e31f21d9685ff395
SHA-256: 278ac2e297c62a8bccfc4878b3fae3c9c660fed4ee5fb340b237e1900f8bd7ef
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of a legacy Excel formula macro virus marker, specifically mentioning 'Poppy by VicodinES' and 'Narkotic Network'. The XLM macro sheet is designed to infect other workbooks and potentially download further payloads, as suggested by the embedded comments.

Heuristics (2)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.