Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 4c28360e9c4bc8b1…

MALICIOUS

Office (OLE) / .XLS

Size: 2.03 MB
Created: 2010-03-04 02:24:25
MD5: c2e97eb64c6e604a0db7f3c924a03d6c
SHA-1: 0fd3b487a5e18fb906090051c11354b1f50c5d3a
SHA-256: 4c28360e9c4bc8b1ed66169d2619804968b5627573a005a6ea1524374e806f39
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious Excel spreadsheet containing a legacy macro virus, specifically flagged as 'Excel Formula Macro Virus', 'XF.Classic', 'Poppy by VicodinES', and 'Narkotic Network'. The document body contains financial and construction-related terminology, suggesting a lure for financial scams or business-related compromise. The presence of a legacy macro virus indicates a potential for system compromise or data theft.

Heuristics (1)

  • [critical] Legacy Excel formula macro virus marker (OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.