Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 2f3855fe4c69c30c…

MALICIOUS

Office (OLE)

Size: 835.5 KB
Created: 2003-12-01 03:15:05
Authoring application: Microsoft Excel
MD5: 96961f6ac5e1db8f517f7885538cc14d
SHA-1: 1819cbba022a2d44efa180629c0049be180cd539
SHA-256: 2f3855fe4c69c30ce920f44b3b2af4f0b9bcb1c7bb6a4656b2f40e57fd1f1b79
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005: Visual Basic for Applications

The file is an Excel spreadsheet containing what appears to be a logistics manifest. The critical heuristic that fired identifies it as a legacy Excel formula macro virus, with markers specifically mentioning 'Poppy by VicodinES' and 'Narkotic Network'. This suggests the file's primary purpose is to execute malicious Excel 4.0 macros, likely to download and run a second-stage payload. No specific URLs or executable payloads were extracted, but the presence of known macro virus markers is a strong indicator of malicious intent.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.