XF.Classic — Office (OLE) / .VXE malware analysis

Static analysis result for SHA-256 279b83d6e3abb3be…

MALICIOUS

Office (OLE) / .VXE

50.0 KB · Created: 2009-12-28 06:52:58 · Authoring application: Microsoft Excel
MD5: 125061f665d146c01aa25d35c4774ec3
SHA-1: d73545d1d897e562ea144e09a0b527c9e28ae1e0
SHA-256: 279b83d6e3abb3befbf21646c9293011d9ec9bca0cd4880deb57e5b284a97bed
Risk Score: 60

Malware Insights

XF.Classic · confidence 90%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' by 'The Narkotic Network'. The document body contains references to 'Poppy by VicodinES' and 'Narkotic Network', along with strings indicating that it infects other workbooks and attempts to save them as 'Book1.xls' in the 'xlstart' directory. This points to delivery through a malicious Excel file designed to spread its infection to other workbooks.

Heuristics (1)

  • Legacy Excel formula macro virus marker · critical · OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.