Office (OLE) malware analysis — malicious · 2a5f6e62c8d0816f

MALICIOUS

Office (OLE)

527.0 KB Created: 2010-08-21 08:13:13 Authoring application: Microsoft Excel

MD5: 3d9fff74c75d91f323c24621a4f6d75e SHA-1: c21333305ef53b704f4df738ebedb7158492641f SHA-256: 2a5f6e62c8d0816f46505bce809ccbdd4815395cc90e2cf57c1954cd5382481a

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is identified as a malicious Excel workbook due to the presence of a legacy Excel 4.0 macro virus, specifically 'Classic.Poppy by VicodinES'. The macro appears to be designed to infect other workbooks and potentially deliver a payload, as indicated by the embedded strings like 'Hydrocodone/APAP 10-650 For Your Computer' and the infection routine described in the document body. The virus attempts to save itself as 'ÿÿÿÿÿ.xls' in the XLSTART directory, which is a common technique for achieving persistence.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.