Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 2b70e82a884eab2e…

MALICIOUS

Office (OLE) / .XLS

File size: 37.5 KB
Created: 2010-07-02 03:36:46
Authoring application: Microsoft Excel
MD5: ee5d9a1d59c4da9aaccfb2fcee107283
SHA-1: 96b6fc8a3ae79518f51cefb3071f64e062244965
SHA-256: 2b70e82a884eab2ee7324fd29c8a66b8d512538ff4d3e5ec2220c08884dfb53d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'Poppy by VicodinES' and 'XF.Classic'. The document body contains strings related to this virus, including its name and a reference to 'The Narkotic Network 1998'. The presence of 'Book1.xls' suggests a potential infection vector where the macro attempts to infect or masquerade as a common Excel startup file.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.