XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 3837cdf760d9beef…

MALICIOUS

Office (OLE) / .XLS

Size: 65.5 KB
Created: 1999-02-08 02:12:02
Authoring application: Microsoft Excel
MD5: 9e47132a3313a7ba935a9d9c6ac9196c
SHA-1: 973190658c3ecdc766cfa565f0329c9cdf3af661
SHA-256: 3837cdf760d9beefb6e70abc807e1c13ef880860fee1a82b8ea5f01a26607bf9
Risk Score: 60

Malware Insights

XF.Classic · confidence 90%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic that fired identifies this sample as the 'XF.Classic' Excel formula macro virus, also known as 'Poppy by VicodinES'. The document body contains strings associated with this virus, including its name, its author, and the text 'Hydrocodone/APAP 10-650 For Your Computer', which suggests a potential payload or lure. The virus's primary function is to infect other Excel workbooks.

Heuristics 1

  • Legacy Excel formula macro virus marker · critical · OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.