Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 3454e59e5a6f1ae0…

MALICIOUS

Office (OLE) / .XLS

Size: 1.96 MB
Created: 2010-03-31 22:25:10
Authoring application: Microsoft Excel
MD5: d7d5a9a0494ed2311dc7f2ec00bd556c
SHA-1: a66417f9a583638ee087362986d6613fcbbc0c29
SHA-256: 3454e59e5a6f1ae05d30ff0ed11d65206ace8363458d61d38dc2ca83a0452312
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a malicious Excel file due to the presence of a legacy Excel formula macro virus marker. This specific marker, 'OLE_XLS_FORMULA_MACRO_VIRUS', indicates the presence of a known macro virus, 'Poppy' or 'XF.Classic'. The virus is designed to infect other Excel files, and the extracted strings suggest a potential lure related to medication.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.