Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 3a06b4d30ea039eb…

MALICIOUS

Office (OLE)

972.0 KB
Created: 2001-10-25 01:35:04
Authoring application: Microsoft Excel
MD5: 2d5a55dc3221926e44a07649b9c7921b
SHA-1: 6816d12482a787fdf7bae310973689051c6af4a5
SHA-256: 3a06b4d30ea039eb218a9dbb4487de6cb11a7e5dbe679ca742759a2d20649a19
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' or 'Poppy by VicodinES' from 'The Narkotic Network'. The embedded document body contains strings related to this malware, including its name and a reference to 'Hydrocodone/APAP 10-650 For Your Computer', suggesting a potential payload or lure. The heuristic firing confirms the presence of a known Excel macro virus.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.