Office (OLE) / .XLS malware analysis — malicious · 59279dd44750b676

MALICIOUS

Office (OLE) / .XLS

154.5 KB Created: 2004-08-17 07:23:32 Authoring application: Microsoft Excel

MD5: 05f358b11367193099dca9d482d39338 SHA-1: 02e3e851ec8f73e519c69226fffe22d443484701 SHA-256: 59279dd44750b67611ccea7c180ac8fbdf505c5bf20549a7649bdb90a9622b5a

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this is a legacy Excel formula macro virus, specifically identified as 'XF.Classic' and 'Poppy by VicodinES'. The document body contains embedded strings referencing 'Classic.Poppy by VicodinES', 'The Narkotic Network 1998', and 'An Excel Formula Macro Virus (XF.Classic)', along with instructions for infecting other workbooks and saving them as 'Book1.xls' in the 'xlstart' directory. This suggests the primary function is to spread itself to other Excel files.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.