Office (OLE) / .XLS malware analysis — malicious · 41b9663334a26f0d

MALICIOUS

Office (OLE) / .XLS

2.76 MB Created: 2010-07-29 08:03:59

MD5: 2821481e46ce1c165226dacf11b89668 SHA-1: bbff8b648ba70a1a6437d69f3c87b736215482f9 SHA-256: 41b9663334a26f0ddd856316499c4acdd81568ec9876e216b58263c5365906a0

140 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is an Excel 4.0 macro-enabled spreadsheet. Heuristics indicate the presence of a legacy Excel formula macro virus, specifically mentioning 'Poppy' and 'Classic-1', which are known to be malicious. The document body contains what appears to be inventory or product data, but this is likely a lure. The primary malicious activity is the execution of XLM macros.

Heuristics 3

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
ClamAV: Win.Trojan.Classic-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Classic-1
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.