Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 4613e4fbcf899d61…

MALICIOUS

Office (OLE) / .XLS

Size: 65.5 KB
Created: 1999-02-08 02:12:02
Authoring application: Microsoft Excel
MD5: 7bc4f49a6dcff251aba893de4cd9d711
SHA-1: 01ecb5b62066facb6c6bcac754884e42edac2108
SHA-256: 4613e4fbcf899d6128ba619cb8a3a2244f9471ff581c5dd9380451fac5952478
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this XLS file is a known legacy macro virus. The document body contains strings like 'Classic.Poppy by VicodinES', 'XF.Classic', and 'The Narkotic Network 1998', which are markers for this specific type of malware. The virus appears to be designed to infect other Excel workbooks, specifically targeting 'Book1.xls' for infection and saving.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.