Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 2f1e759e8287f7ce…

MALICIOUS

Office (OLE)

Size: 133.5 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
First seen: 2015-09-18
MD5: 4ffdaa319c42a31b7c08c9b59696a1b8
SHA-1: 57fd8e2818eeda894df61af0f4565e759780391d
SHA-256: 2f1e759e8287f7ce584cf66d757c6f9cfd71448ed3c83f8b7a07f1f2cf768eb5
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains legacy Excel 4.0 (XLM) macros, identified by the OLE_XLM_AUTOOPEN heuristic. The embedded text explicitly references 'Classic.Poppy by VicodinES', 'The Narkotic Network 1998', and 'Excel Formula Macro Virus', indicating it is a known macro virus. The presence of 'Auto and On Sheet Starts Here' and instructions to 'Infect Workbook' suggest the macro's primary function is to spread to other Excel files, potentially via the 'Book1.xls' path.

Heuristics (2)

  • Legacy Excel formula macro virus marker (severity: critical, ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, ID: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.