Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 539ede56c345f06a…

MALICIOUS

Office (OLE) / .XLS

68.0 KB Created: 1999-02-08 02:12:02 Authoring application: Microsoft Excel
MD5: 16fdfc54cfb877db2c114abda285699b SHA-1: ff83ac8399c089a73714d5b08fadd4708e1e16d0 SHA-256: 539ede56c345f06ad3363484227a8ae2779ba599d51d86f0fff8ff1a8035b094
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic firing indicates this is a legacy Excel Formula Macro Virus, specifically identified as 'XF.Classic' and associated with 'Poppy by VicodinES' and 'The Narkotic Network'. The document body contains strings related to macro execution, infection, and payload delivery, including the filename 'Book1.xls' which is often targeted by such viruses for persistence. No scripts were extracted, but the heuristic and document content strongly suggest a macro-based infection and payload delivery mechanism.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.