Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 449a15531be569ef…

MALICIOUS

Office (OLE) / .XLS

Size: 237.5 KB
Created: 2002-12-25 03:45:15
Authoring application: Microsoft Excel
MD5: 5aede5e264bcb0777ed8738e417061a8
SHA-1: 9107d942aae743d0fa245447fa9df511d4691509
SHA-256: 449a15531be569efe184b10d2581a333f9d0d810fd544137609169cc18ca38ab
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically mentioning 'Classic.Poppy by VicodinES' and 'The Narkotic Network 1998'. The document body confirms this: it contains strings related to these markers and describes a 'Simple Payload' with a drug reference, indicating malicious intent to spread and potentially deliver harmful content. The virus also attempts to infect 'book1.xls'.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.