Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 27ff7c4d92fa1415…

MALICIOUS

Office (OLE)

Size: 5.73 MB
Created: 2000-05-26 16:45:09
Authoring application: Microsoft Excel
MD5: c3ab7ca2655d5695ce2a555b9c35a950
SHA-1: 0fcdc64e966ec736f3b74a077e8fa0085e51dc62
SHA-256: 27ff7c4d92fa14151fa4a194fad58f728fbb59421abd36e46b163cf705645125
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The sample was identified as malicious due to the presence of legacy Excel 4.0 (XLM) macro sheets and a critical heuristic firing indicating a "Legacy Excel formula macro virus marker". The specific markers found, such as "Poppy by VicodinES" and "Narkotic Network", suggest a known malware lineage. The document body content, while appearing to be technical specifications, does not directly indicate the malware's payload but confirms the file's nature as a macro-enabled Excel sheet.

Heuristics (2)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (severity: medium; rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.