MALICIOUS
180
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic for Applications
T1546.001 Event Triggered Execution: Known Run Keys or Registry Run Keys
The file is identified as a legacy Excel 4.0 (XLM) macro virus, specifically the XL4Poppy variant. The embedded text explicitly mentions 'Add New Workbook, Infect It, Save It As Book1.xls', indicating a self-propagation mechanism. The heuristics confirm the presence of XLM Auto_Open macros and legacy macro virus markers, strongly suggesting this family.
Heuristics 3
-
Excel 4.0 (XLM) Auto_Open + macro sheet critical OLE_XLM_AUTOOPENWorkbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
-
Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUSWorkbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
-
Legacy XLM macro-virus family marker critical OLE_XLM_LEGACY_MACRO_VIRUSWorkbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.
Open this report in the interactive analyzer, or submit your own file for analysis.