Malicious Office (OLE) / .XLK — malware analysis report

Static analysis result for SHA-256 3dcd768bf0d294f0…

MALICIOUS

Office (OLE) / .XLK

Size: 357.5 KB
Created: 2004-01-05 13:44:13
Authoring application: Microsoft Excel
MD5: 270ec394552a6253d943e737715f62f1
SHA-1: b2c6face60f9f4c39c59cab64ef45f4bb08f84f4
SHA-256: 3dcd768bf0d294f013a4c50028de82a8e350ad737857128d486dc1d265b18250
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' fired, which directly indicates that this is a legacy Excel formula macro virus; the markers specifically mention 'Classic.Poppy by VicodinES' and 'Narkotic Network'. The document body contains references to these names and also mentions 'Hydrocodone/APAP 10-650 For Your Computer', suggesting a potential lure or payload related to pharmaceuticals. The script's intent appears to be to infect other workbooks and potentially deliver a secondary payload, though the exact mechanism is not fully detailed in the provided evidence.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.