Office (OLE) / .XLS malware analysis — malicious · 54eabef9d4d00730

MALICIOUS

Office (OLE) / .XLS

50.0 KB Created: 2006-09-12 23:05:58 Authoring application: Microsoft Excel

MD5: f48fab7a3e47568d7bd40bf26ca0fe2a SHA-1: 81b32b9a5211f9b6f090e3c2c7604363da22efd3 SHA-256: 54eabef9d4d00730b4490bf04ea4b262990b73fce35690870c78e9003bb6e009

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel spreadsheet containing a legacy Excel Formula Macro Virus, identified as 'Poppy by VicodinES' and 'XF.Classic'. The embedded text explicitly mentions infecting other workbooks and saving them as 'Book1.xls' in the 'xlstart' directory, indicating a self-propagation mechanism. The virus appears to be a classic macro virus with no immediately obvious network communication or exploit attempts.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.