Office (OLE) / .XLS malware analysis — malicious · 4aae7ec8771b9625

MALICIOUS

Office (OLE) / .XLS

1.49 MB Created: 2002-01-18 02:38:26 Authoring application: Microsoft Excel

MD5: c292c59dc6c030c75284fe3a4b7bbea7 SHA-1: a0c6f7be1c8aebbbefead1bb1097d1cb583c8295 SHA-256: 4aae7ec8771b9625a7aa55d6c4e1a50b6f810facfdc619697548a96dee679fc9

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The critical heuristic firing for 'OLE_XLS_FORMULA_MACRO_VIRUS' and the medium firing for 'OLE_XLM_AUTOOPEN' indicate the presence of legacy Excel macros. The 'DOC BODY' contains explicit references to 'Classic.Poppy by VicodinES' and 'An Excel Formula Macro Virus (XF.Classic)', along with a path that suggests the macro attempts to infect or place a file in the 'xlstart' directory. This indicates a self-propagating or infection-based attack pattern.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.