Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 2f2ec762f00f37bf…

MALICIOUS

Office (OLE) / .XLS

Size: 473.0 KB
Created: 2004-06-02 02:25:24
Authoring application: Microsoft Excel
MD5: bdea1f59a3ecde28c00527bf899ec01d
SHA-1: 46dcbbf521965bc9baae1703486ca257a4ef57a5
SHA-256: 2f2ec762f00f37bf5cd327d5f1709942cfc20df4cffec49abf94f703ed552c73
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious Excel spreadsheet containing a legacy formula macro virus, specifically 'Classic.Poppy by VicodinES' and 'XF.Classic'. The document body, disguised as a financial report or cost estimate, contains embedded macro virus markers and references to its payload. The 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic firing strongly indicates that the file is malicious.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.