Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 34112e4bf3dccbfa…

MALICIOUS

Office (OLE) / .XLS

Size: 1.51 MB
Created: 2009-01-02 16:06:10
Authoring application: Microsoft Excel
MD5: 1c0e90ae3128035e38c873a893be2e08
SHA-1: 191363a5b524ee7321cd3acbe46b20ab459fdfa7
SHA-256: 34112e4bf3dccbfa3b4b8aa9ff8f54ab46df78c05a7c338b1fcdbd28fffd1eb9
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates the presence of legacy Excel formula macros, often used for malicious purposes. The markers 'Poppy by VicodinES', 'Narkotic Network', and 'XF.Classic' suggest this sample belongs to a known, older malware family. The document body contains what appears to be a parts list, which is likely a lure to disguise the malicious macro functionality.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.