Malicious Office (OLE) / .X — malware analysis report

Static analysis result for SHA-256 3f314bccb221bed8…

MALICIOUS

Office (OLE) / .X

Size: 46.5 KB
Created: 2001-09-18 01:04:40
Authoring application: Microsoft Excel
MD5: 77706eaea43e64b39d902759ccba61b8
SHA-1: 274283a0d834b47be962ed0d8e0db6ead1e8c30e
SHA-256: 3f314bccb221bed8de032bd2c15ca9317910503306bb9c9a98e4c7595cf309a4
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is an Excel file containing legacy Excel 4.0 macros, identified by the 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic. The embedded script explicitly mentions 'Classic.Poppy by VicodinES' and 'The Narkotic Network', indicating a known macro virus. The script's intent is to infect other workbooks by saving a modified version as 'Book1.xls' in the Excel startup directory, which would likely lead to further infection or payload delivery upon Excel startup.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.