Office (OLE) / .VXE malware analysis — malicious · 2e4699eee77c2e7e

MALICIOUS

Office (OLE) / .VXE

62.0 KB Created: 2004-03-24 02:45:16 Authoring application: Microsoft Excel

MD5: b79279f3532986b9b92d7f6dd3c52796 SHA-1: f728711c988327356476e48c86a39914cdf8052b SHA-256: 2e4699eee77c2e7e26a51d72dc6cff683b75ebbb2f6261bc8dbba013b6f35dfc

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The critical heuristic firing indicates this is a legacy Excel 4.0 macro virus, specifically identified as 'Poppy by VicodinES' and associated with 'The Narkotic Network'. The document body contains strings related to this malware, including payload references like 'Hydrocodone/APAP 10-650 For Your Computer'. The macro's intent appears to be infecting other workbooks and potentially delivering this payload.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.