Office (OLE) / .XLS malware analysis — malicious · 52c22131b3af7b97

MALICIOUS

Office (OLE) / .XLS

741.0 KB Created: 2010-07-07 03:45:06 Authoring application: Microsoft Excel

MD5: fb409180a398a9620c1f8be05fb1926e SHA-1: 9a03fac217d383bcf75eb8d7ceb454524e04f956 SHA-256: 52c22131b3af7b974d91d7d83793ea1924535468f68fe5e6bc6801b5777e51b8

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' and 'Poppy', by critical heuristic firings. The embedded document body text contains references to infection routines and payload delivery, including a path that suggests an attempt to infect 'Book1.xls' in the Excel startup directory. No scripts were extracted from this sample.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.