Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5af84b5ca7dfff7d…

MALICIOUS

Office (OLE) / .XLS

155.5 KB Created: 2004-08-17 07:23:32 Authoring application: Microsoft Excel
MD5: 30708af7fafe13b16ecf5a65733d3084 SHA-1: 87faa6c8bf97b509f2f2375f55d3adcd96796072 SHA-256: 5af84b5ca7dfff7df15a5a3eb904c452ae0e32d62c27f5c632da73f76ba68e18
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'Poppy by VicodinES' and 'XF.Classic'. The document body contains strings related to infection and execution, including paths like 'C:\Program Files\Microsoft Office\Office\xlstart\Book1.xls' which suggests an attempt to infect the Excel startup directory. The presence of VBA-related heuristics points to the use of Visual Basic for macro execution.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.