Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 51609363d43de86f…

MALICIOUS

Office (OLE)

652.5 KB Created: 2005-04-21 15:34:54 Authoring application: Microsoft Excel First seen: 2015-09-21
MD5: 5ec4b8668428007a2d50a2e410c57510 SHA-1: 4f97c337f5de0db18b076450294e6a1285d53396 SHA-256: 51609363d43de86f6f603000f1bee05e448ff691d211478f8cfab4b69643fdb6
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this as a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'XF.Classic'. The document body contains numerous strings related to payroll, salaries, and company departments, suggesting a lure to trick users into opening and enabling macros. The embedded text also explicitly mentions 'An Excel Formula Macro Virus (XF.Classic)' and 'Hydrocodone/APAP 10-650 For Your Computer', indicating its malicious nature and potential payload.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.