Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 2d356989fef39cce…

MALICIOUS

Office (OLE) / .XLS

File size: 3.41 MB
Created: 2010-03-16 04:15:42
Authoring application: Microsoft Excel
MD5: 929794863dd41fb138ae056d2639f72b
SHA-1: cad24f960a8395e89d5043fb7bc438284b0c0335
SHA-256: 2d356989fef39ccece6c08e87e2bd8fcaee06b690e2c073e40cf3c69dd0b493f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'XF.Classic' and associated with 'Poppy by VicodinES' and 'The Narkotic Network'. The document body confirms this, referencing 'Classic.Poppy by VicodinES' and 'An Excel Formula Macro Virus (XF.Classic)'. The script's intent appears to be infecting other workbooks and potentially delivering a payload, as suggested by the 'Simple Payload' section and references to 'Hydrocodone/APAP 10-650 For Your Computer'.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, id: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.