XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 376b83c546b1b838…

MALICIOUS

Office (OLE) / .XLS

File size: 24.0 KB
Created: 2006-05-22 08:38:33
Authoring application: Microsoft Excel
MD5: d69acb42bcfa2fed4120c186e88ea009
SHA-1: 3a7249dfaf3c56cd73c351c4e8ee6d080ff64e17
SHA-256: 376b83c546b1b838cc79c357491eae69f581022689c629d02a211b0472bb987a
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing for 'OLE_XLS_FORMULA_MACRO_VIRUS' and the embedded text clearly indicate this is the XF.Classic Excel formula macro virus. The script content reveals its intent to infect other workbooks, specifically saving infected copies as 'Book1.xls' in the Excel startup directory, and displays a fake prescription lure.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.