Malicious Office (OLE) / .XLK — malware analysis report

Static analysis result for SHA-256 5304082fa71cf109…

MALICIOUS

Office (OLE) / .XLK

Size: 315.5 KB
Created: 2004-01-05 13:44:13
Authoring application: Microsoft Excel
MD5: 99547b0e1e8929ac62c990593ffd6a04
SHA-1: e121efca51a1ca929541e6a105a314e0c1b4fc0d
SHA-256: 5304082fa71cf10935e034757eae9965b1077cd0caab709d0f5a76d7cad63a05
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly indicates the presence of a legacy Excel formula macro virus, specifically mentioning 'Classic.Poppy by VicodinES' and 'XF.Classic'. The document body contains text related to this virus, including its name and authoring group, suggesting its purpose is to infect other Excel files. No scripts were extracted, but the heuristic firing is sufficient to identify the attack pattern.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.