Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 4b8f35801fae18dd…

MALICIOUS

Office (OLE) / .XLS

File size: 229.5 KB
Created: 2002-11-24 17:25:40
Authoring application: Microsoft Excel
MD5: 68c594f8c3f4d78d206ace3a8a18784b
SHA-1: 386ca48f1e642e55fe031eeb09c5a7e1a3b05fe6
SHA-256: 4b8f35801fae18dd70e999ad3003b61eed95a3994ffe046e2b04c4f71235bb3c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a malicious Excel spreadsheet due to the presence of a legacy macro virus marker. The embedded text indicates it is 'Classic.Poppy by VicodinES', an 'Excel Formula Macro Virus (XF.Classic)' from 'The Narkotic Network 1998'. The virus appears to infect other workbooks and save them as 'Book1.xls', potentially delivering a payload as indicated by the 'Simple Payload' section.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.