Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 500aef758d0c3678…

MALICIOUS

Office (OLE) / .XLS

Size: 94.5 KB
Created: 2009-07-27 03:14:36
Authoring application: Microsoft Excel
MD5: 3e8d28c5200f9d96d1b8b6be8206a86a
SHA-1: 97c8d1c87879767276b3da4c3c0b43b04e904705
SHA-256: 500aef758d0c367802f07c03a15170a0a5df4ae083e96ece89fcb5193a312c5d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet containing what appears to be a legitimate inventory list. However, a critical heuristic match indicates that it is a legacy Excel formula macro virus, specifically identified as 'Poppy by VicodinES' and 'Narkotic Network'. This suggests the file is designed to execute malicious macros disguised within the spreadsheet's formulas, likely to compromise the user's system.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.