Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 340bd913b29e7001…

MALICIOUS

Office (OLE)

940.0 KB
Created: 2010-04-06 19:03:53
Authoring application: Microsoft Excel
MD5: 37824b02fef7e1dde06a38bbed9d9a95
SHA-1: 8fd466262ddb15f3b35a751aa9ff53701b3d88b9
SHA-256: 340bd913b29e7001a677b267ed72744d731d7ee0f2fd8cada0f683502ecf36c6
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is an Excel document containing what appears to be a legitimate educational planning schedule. However, a critical-severity heuristic indicates that it is a legacy Excel formula macro virus. The heuristic specifically cites 'Poppy by VicodinES' and 'Narkotic Network', which are known indicators of older malware families, and the presence of 'XL4Poppy' further supports this. The document body's content is likely a lure to encourage opening and interacting with the malicious macros.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.