Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 41acfed98ae53804…

MALICIOUS

Office (OLE)

899.5 KB Created: 1999-07-31 12:59:35 Authoring application: Microsoft Excel
MD5: 2f68cd5621b831e54475fdaef9da0097 SHA-1: 465233add75c43ec0e07ab36d594cf5586ea59cf SHA-256: 41acfed98ae53804a21d65444be23f380bf2c744c504178ad1c9bd47fb835529
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The sample is flagged as a legacy Excel formula macro virus, indicating it contains malicious macro code. The 'SE_CALLBACK_LURE' heuristic strongly suggests the document's content is designed to trick the user into calling a phone number for fraudulent purposes. The specific markers found, such as 'Excel Formula Macro Virus', 'XF.Classic', 'Poppy by VicodinES', and 'Narkotic Network', further support the malicious nature of the file, likely related to older macro-based threats.

Heuristics 2

  • Legacy Excel formula macro virus marker high OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns

Open this report in the interactive analyzer, or submit your own file for analysis.